2023-05-10 12:16:48 +03:00
|
|
|
# This file is automatically @generated by Cargo.
|
|
|
|
# It is not intended for manual editing.
|
|
|
|
version = 3
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "addr2line"
|
2024-06-11 12:07:25 +03:00
|
|
|
version = "0.22.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-11 12:07:25 +03:00
|
|
|
checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"gimli",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "adler"
|
|
|
|
version = "1.0.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-05-10 13:38:23 +03:00
|
|
|
name = "affine_native"
|
2023-05-10 12:16:48 +03:00
|
|
|
version = "0.0.0"
|
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"affine_schema",
|
2023-05-10 12:16:48 +03:00
|
|
|
"anyhow",
|
2023-06-07 09:52:19 +03:00
|
|
|
"chrono",
|
|
|
|
"dotenv",
|
2023-05-10 12:16:48 +03:00
|
|
|
"napi",
|
|
|
|
"napi-build",
|
|
|
|
"napi-derive",
|
|
|
|
"notify",
|
2023-05-17 07:36:51 +03:00
|
|
|
"once_cell",
|
2023-05-10 12:16:48 +03:00
|
|
|
"parking_lot",
|
2023-10-18 11:06:07 +03:00
|
|
|
"rand",
|
2023-05-10 12:16:48 +03:00
|
|
|
"serde",
|
|
|
|
"serde_json",
|
2023-10-18 11:06:07 +03:00
|
|
|
"sha3",
|
2023-06-07 09:52:19 +03:00
|
|
|
"sqlx",
|
2023-05-10 12:16:48 +03:00
|
|
|
"tokio",
|
|
|
|
"uuid",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "affine_schema"
|
|
|
|
version = "0.0.0"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
2024-04-29 05:14:20 +03:00
|
|
|
name = "affine_server_native"
|
2023-08-29 13:07:05 +03:00
|
|
|
version = "1.0.0"
|
|
|
|
dependencies = [
|
2023-10-18 11:06:07 +03:00
|
|
|
"chrono",
|
2024-04-29 07:46:26 +03:00
|
|
|
"file-format",
|
2024-05-16 10:55:10 +03:00
|
|
|
"mimalloc",
|
2023-08-29 13:07:05 +03:00
|
|
|
"napi",
|
|
|
|
"napi-build",
|
|
|
|
"napi-derive",
|
2023-10-18 11:06:07 +03:00
|
|
|
"rand",
|
|
|
|
"sha3",
|
2024-05-16 10:55:10 +03:00
|
|
|
"tiktoken-rs",
|
2023-10-18 11:06:07 +03:00
|
|
|
"tokio",
|
2024-01-31 09:54:33 +03:00
|
|
|
"y-octo",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ahash"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.8.11"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
2023-09-04 10:31:00 +03:00
|
|
|
"getrandom",
|
2023-06-07 09:52:19 +03:00
|
|
|
"once_cell",
|
|
|
|
"version_check",
|
2023-11-27 10:24:07 +03:00
|
|
|
"zerocopy",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "aho-corasick"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.1.3"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"memchr",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "allocator-api2"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.2.18"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "android-tzdata"
|
|
|
|
version = "0.1.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "android_system_properties"
|
|
|
|
version = "0.1.5"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
|
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "anyhow"
|
2024-05-21 08:08:34 +03:00
|
|
|
version = "1.0.86"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-21 08:08:34 +03:00
|
|
|
checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "arbitrary"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.3.2"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"derive_arbitrary",
|
|
|
|
]
|
2023-05-17 07:36:51 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "atoi"
|
|
|
|
version = "2.0.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "f28d99ec8bfea296261ca1af174f24225171fea9664ba9003cbebee704810528"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"num-traits",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "autocfg"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.3.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "backtrace"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.3.73"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"addr2line",
|
|
|
|
"cc",
|
2023-05-10 12:16:48 +03:00
|
|
|
"cfg-if",
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
|
|
|
"miniz_oxide",
|
|
|
|
"object",
|
|
|
|
"rustc-demangle",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "base64"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.21.7"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "base64"
|
|
|
|
version = "0.22.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "base64ct"
|
|
|
|
version = "1.6.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "bit-set"
|
|
|
|
version = "0.5.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1"
|
|
|
|
dependencies = [
|
|
|
|
"bit-vec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "bit-vec"
|
|
|
|
version = "0.6.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bitflags"
|
|
|
|
version = "1.3.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bitflags"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.6.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bitvec"
|
|
|
|
version = "1.0.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"funty",
|
|
|
|
"radium",
|
|
|
|
"tap",
|
|
|
|
"wyz",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "block-buffer"
|
|
|
|
version = "0.10.4"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"generic-array",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "bstr"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.10.0"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "40723b8fb387abc38f4f4a37c09073622e41dd12327033091ef8950659e6dc0c"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"memchr",
|
2024-06-11 12:07:25 +03:00
|
|
|
"regex-automata 0.4.7",
|
2024-05-16 10:55:10 +03:00
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bumpalo"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "3.16.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "byteorder"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "1.5.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "bytes"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.7.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "cc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.1.15"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
dependencies = [
|
|
|
|
"shlex",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "cfg-if"
|
|
|
|
version = "1.0.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "chrono"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.4.38"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"android-tzdata",
|
|
|
|
"iana-time-zone",
|
|
|
|
"js-sys",
|
|
|
|
"num-traits",
|
|
|
|
"wasm-bindgen",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "concurrent-queue"
|
|
|
|
version = "2.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
|
|
|
|
dependencies = [
|
|
|
|
"crossbeam-utils",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "const-oid"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.9.6"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "convert_case"
|
|
|
|
version = "0.6.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "ec182b0ca2f35d8fc196cf3404988fd8b8c739a4d270ff118a398feb0cbec1ca"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"unicode-segmentation",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "core-foundation-sys"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.8.7"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "cpufeatures"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.13"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crc"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "3.2.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"crc-catalog",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crc-catalog"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.4.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crossbeam-channel"
|
2024-05-21 08:08:34 +03:00
|
|
|
version = "0.5.13"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-21 08:08:34 +03:00
|
|
|
checksum = "33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"crossbeam-utils",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crossbeam-queue"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.11"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"crossbeam-utils",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crossbeam-utils"
|
2024-05-21 08:08:34 +03:00
|
|
|
version = "0.8.20"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-21 08:08:34 +03:00
|
|
|
checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crypto-common"
|
|
|
|
version = "0.1.6"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"generic-array",
|
|
|
|
"typenum",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "ctor"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.2.8"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "edb49164822f3ee45b17acd4a208cfc1251410cf0cad9a833234c9890774dd9f"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "dashmap"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "6.0.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "804c8821570c3f8b70230c2ba75ffa5c0f9a4189b9a432b6656c536712acae28"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"cfg-if",
|
2024-09-03 10:42:54 +03:00
|
|
|
"crossbeam-utils",
|
|
|
|
"hashbrown",
|
2023-08-29 13:07:05 +03:00
|
|
|
"lock_api",
|
|
|
|
"once_cell",
|
|
|
|
"parking_lot_core",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "der"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.7.9"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"const-oid",
|
|
|
|
"pem-rfc7468",
|
|
|
|
"zeroize",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "derive_arbitrary"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.3.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "digest"
|
|
|
|
version = "0.10.7"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
|
|
|
|
dependencies = [
|
|
|
|
"block-buffer",
|
|
|
|
"const-oid",
|
|
|
|
"crypto-common",
|
|
|
|
"subtle",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "dotenv"
|
|
|
|
version = "0.15.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "dotenvy"
|
|
|
|
version = "0.15.7"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "either"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.13.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"serde",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "equivalent"
|
|
|
|
version = "1.0.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "errno"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.3.9"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "etcetera"
|
|
|
|
version = "0.8.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "136d1b5283a1ab77bd9257427ffd09d8667ced0570b6f938942bc7568ed5b943"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"cfg-if",
|
|
|
|
"home",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.48.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "event-listener"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "5.3.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "6032be9bd27023a771701cc49f9f053c751055f71efb2e0ae5c15809093675ba"
|
|
|
|
dependencies = [
|
|
|
|
"concurrent-queue",
|
|
|
|
"parking",
|
|
|
|
"pin-project-lite",
|
|
|
|
]
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "fancy-regex"
|
|
|
|
version = "0.12.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7493d4c459da9f84325ad297371a6b2b8a162800873a22e3b6b6512e61d18c05"
|
|
|
|
dependencies = [
|
|
|
|
"bit-set",
|
|
|
|
"regex",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "fastrand"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.1.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-04-29 07:46:26 +03:00
|
|
|
[[package]]
|
|
|
|
name = "file-format"
|
2024-05-09 11:37:28 +03:00
|
|
|
version = "0.25.0"
|
2024-04-29 07:46:26 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-09 11:37:28 +03:00
|
|
|
checksum = "9ffe3a660c3a1b10e96f304a9413d673b2118d62e4520f7ddf4a4faccfe8b9b9"
|
2024-04-29 07:46:26 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "filetime"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.25"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"libc",
|
2024-09-03 10:42:54 +03:00
|
|
|
"libredox",
|
|
|
|
"windows-sys 0.59.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "flume"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.11.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "55ac459de2512911e4b674ce33cf20befaba382d05b62b008afc1c8b57cbf181"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-sink",
|
2024-06-24 11:06:20 +03:00
|
|
|
"spin",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "form_urlencoded"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.2.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"percent-encoding",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "fsevent-sys"
|
|
|
|
version = "4.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "76ee7a02da4d231650c7cea31349b889be2f45ddb3ef3032d2ec8185f6313fd2"
|
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "funty"
|
|
|
|
version = "2.0.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-channel"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-sink",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-core"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-executor"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-task",
|
|
|
|
"futures-util",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-intrusive"
|
|
|
|
version = "0.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1d930c203dd0b6ff06e0201a4a2fe9149b43c684fd4420555b26d21b1a02956f"
|
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"lock_api",
|
|
|
|
"parking_lot",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-io"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-sink"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-task"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-util"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-io",
|
|
|
|
"futures-sink",
|
|
|
|
"futures-task",
|
|
|
|
"memchr",
|
|
|
|
"pin-project-lite",
|
|
|
|
"pin-utils",
|
|
|
|
"slab",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "generator"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.8.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "dbb949699c3e4df3a183b1d2142cb24277057055ed23c68ed58894f76c517223"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-05-16 12:15:58 +03:00
|
|
|
"cfg-if",
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
|
|
|
"log",
|
|
|
|
"rustversion",
|
|
|
|
"windows",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "generic-array"
|
|
|
|
version = "0.14.7"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
|
|
|
|
dependencies = [
|
|
|
|
"typenum",
|
|
|
|
"version_check",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "getrandom"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.2.15"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"libc",
|
2023-10-11 10:36:45 +03:00
|
|
|
"wasi",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "gimli"
|
2024-06-11 12:07:25 +03:00
|
|
|
version = "0.29.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-11 12:07:25 +03:00
|
|
|
checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hashbrown"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.14.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-01-31 09:54:33 +03:00
|
|
|
"ahash",
|
2023-08-29 13:07:05 +03:00
|
|
|
"allocator-api2",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hashlink"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.9.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"hashbrown",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "heck"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.5.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hermit-abi"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.9"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hex"
|
|
|
|
version = "0.4.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hkdf"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.12.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"hmac",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hmac"
|
|
|
|
version = "0.12.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
|
|
|
|
dependencies = [
|
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "home"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.5.9"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "iana-time-zone"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.60"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"android_system_properties",
|
|
|
|
"core-foundation-sys",
|
|
|
|
"iana-time-zone-haiku",
|
|
|
|
"js-sys",
|
|
|
|
"wasm-bindgen",
|
2024-05-16 12:15:58 +03:00
|
|
|
"windows-core 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "iana-time-zone-haiku"
|
|
|
|
version = "0.1.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
|
|
|
|
dependencies = [
|
|
|
|
"cc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "idna"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.5.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-06-24 11:06:20 +03:00
|
|
|
"unicode-bidi",
|
|
|
|
"unicode-normalization",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "indexmap"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.5.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "68b900aa2f7301e21c36462b170ee99994de34dff39a4a6a528e80e7376d07e5"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"equivalent",
|
2024-09-03 10:42:54 +03:00
|
|
|
"hashbrown",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "inotify"
|
|
|
|
version = "0.9.6"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f8069d3ec154eb856955c1c0fbffefbf5f3c40a104ec912d4797314c1801abff"
|
|
|
|
dependencies = [
|
|
|
|
"bitflags 1.3.2",
|
|
|
|
"inotify-sys",
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "inotify-sys"
|
|
|
|
version = "0.1.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e05c02b5e89bff3b946cedeca278abc628fe811e604f027c45a8aa3cf793d0eb"
|
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "itoa"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.0.11"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "js-sys"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.3.70"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"wasm-bindgen",
|
|
|
|
]
|
|
|
|
|
2023-10-18 11:06:07 +03:00
|
|
|
[[package]]
|
|
|
|
name = "keccak"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.5"
|
2023-10-18 11:06:07 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654"
|
2023-10-18 11:06:07 +03:00
|
|
|
dependencies = [
|
|
|
|
"cpufeatures",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "kqueue"
|
|
|
|
version = "1.0.8"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7447f1ca1b7b563588a205fe93dea8df60fd981423a768bc1c0ded35ed147d0c"
|
|
|
|
dependencies = [
|
|
|
|
"kqueue-sys",
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "kqueue-sys"
|
|
|
|
version = "1.0.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "ed9625ffda8729b85e45cf04090035ac368927b8cebc34898e7c120f52e4838b"
|
|
|
|
dependencies = [
|
|
|
|
"bitflags 1.3.2",
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
2024-01-31 09:54:33 +03:00
|
|
|
[[package]]
|
|
|
|
name = "lasso"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.7.3"
|
2024-01-31 09:54:33 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "6e14eda50a3494b3bf7b9ce51c52434a761e383d7238ce1dd5dcec2fbc13e9fb"
|
2024-01-31 09:54:33 +03:00
|
|
|
dependencies = [
|
|
|
|
"dashmap",
|
2024-09-03 10:42:54 +03:00
|
|
|
"hashbrown",
|
2024-01-31 09:54:33 +03:00
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "lazy_static"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "1.5.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-06-24 11:06:20 +03:00
|
|
|
"spin",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "libc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.158"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "libloading"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.8.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "libm"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.2.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "libmimalloc-sys"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.1.39"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"cc",
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
2024-09-03 10:42:54 +03:00
|
|
|
[[package]]
|
|
|
|
name = "libredox"
|
|
|
|
version = "0.1.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
|
|
|
|
dependencies = [
|
|
|
|
"bitflags 2.6.0",
|
|
|
|
"libc",
|
|
|
|
"redox_syscall",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "libsqlite3-sys"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.30.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cc",
|
|
|
|
"pkg-config",
|
|
|
|
"vcpkg",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "linux-raw-sys"
|
2024-05-21 08:08:34 +03:00
|
|
|
version = "0.4.14"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-21 08:08:34 +03:00
|
|
|
checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "lock_api"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.4.12"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
"scopeguard",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "log"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.4.22"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "loom"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.7.2"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "419e0dc8046cb947daa77eb95ae174acfbddb7673b4151f56d1eed8e93fbfaca"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"generator",
|
|
|
|
"scoped-tls",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"tracing",
|
|
|
|
"tracing-subscriber",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "matchers"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
|
|
|
|
dependencies = [
|
|
|
|
"regex-automata 0.1.10",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "md-5"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.10.6"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2023-10-11 10:36:45 +03:00
|
|
|
"cfg-if",
|
2023-08-29 13:07:05 +03:00
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "memchr"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "2.7.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
|
2023-11-27 10:24:07 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "mimalloc"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.1.43"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"libmimalloc-sys",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "minimal-lexical"
|
|
|
|
version = "0.2.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "miniz_oxide"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.7.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"adler",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "mio"
|
2024-03-05 07:02:36 +03:00
|
|
|
version = "0.8.11"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-03-05 07:02:36 +03:00
|
|
|
checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
"log",
|
2023-10-11 10:36:45 +03:00
|
|
|
"wasi",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.48.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
[[package]]
|
|
|
|
name = "mio"
|
|
|
|
version = "1.0.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec"
|
|
|
|
dependencies = [
|
|
|
|
"hermit-abi",
|
|
|
|
"libc",
|
|
|
|
"wasi",
|
|
|
|
"windows-sys 0.52.0",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "nanoid"
|
|
|
|
version = "0.4.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "3ffa00dec017b5b1a8b7cf5e2c008bfda1aa7e0697ac1508b491fdf2622fb4d8"
|
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
version = "3.0.0-alpha.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
checksum = "743b5a7769f54c95e20a26d9e66d1b43d5622b7dc8ec8f97b51ed8c58633841f"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
2024-09-03 10:42:54 +03:00
|
|
|
"bitflags 2.6.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
"chrono",
|
|
|
|
"ctor",
|
2024-07-06 11:37:27 +03:00
|
|
|
"napi-build",
|
2023-08-29 13:07:05 +03:00
|
|
|
"napi-sys",
|
|
|
|
"once_cell",
|
|
|
|
"serde",
|
|
|
|
"tokio",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-build"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.1.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e1c0f5d67ee408a4685b61f5ab7e58605c8ae3f2b4189f0127d804ff13d5560a"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-derive"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
version = "3.0.0-alpha.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
checksum = "c7619cfcc3985e1ed73d147d6950caabaedabcf5c98133502f9d18c3d0061320"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"convert_case",
|
|
|
|
"napi-derive-backend",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-derive-backend"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
version = "2.0.0-alpha.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
checksum = "584f6a91c05e8c6bf80622fcc2675c7d27934754d4f1141cfd422d531a3f51fb"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"convert_case",
|
|
|
|
"once_cell",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"regex",
|
|
|
|
"semver",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-sys"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.4.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "427802e8ec3a734331fec1035594a210ce1ff4dc5bc1950530920ab717964ea3"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"libloading",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "nom"
|
|
|
|
version = "7.1.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
|
|
|
|
dependencies = [
|
|
|
|
"memchr",
|
|
|
|
"minimal-lexical",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "notify"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "6.1.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"bitflags 2.6.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
"crossbeam-channel",
|
|
|
|
"filetime",
|
|
|
|
"fsevent-sys",
|
|
|
|
"inotify",
|
|
|
|
"kqueue",
|
|
|
|
"libc",
|
2023-08-31 11:39:19 +03:00
|
|
|
"log",
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
"mio 0.8.11",
|
2023-08-29 13:07:05 +03:00
|
|
|
"serde",
|
|
|
|
"walkdir",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.48.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "nu-ansi-term"
|
|
|
|
version = "0.46.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
|
|
|
|
dependencies = [
|
|
|
|
"overload",
|
|
|
|
"winapi",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-bigint-dig"
|
|
|
|
version = "0.8.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
|
|
|
|
dependencies = [
|
|
|
|
"byteorder",
|
|
|
|
"lazy_static",
|
|
|
|
"libm",
|
|
|
|
"num-integer",
|
|
|
|
"num-iter",
|
|
|
|
"num-traits",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-08-29 13:07:05 +03:00
|
|
|
"smallvec",
|
|
|
|
"zeroize",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-integer"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.46"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"num-traits",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-iter"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.1.45"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
"num-integer",
|
|
|
|
"num-traits",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-traits"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.2.19"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
"libm",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "object"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.36.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "084f1a5821ac4c651660a94a7153d27ac9d8a53736203f58b31945ded098070a"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"memchr",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "once_cell"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.19.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2023-11-10 05:25:28 +03:00
|
|
|
[[package]]
|
|
|
|
name = "ordered-float"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "4.2.2"
|
2023-11-10 05:25:28 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "4a91171844676f8c7990ce64959210cd2eaef32c2612c50f9fae9f8aaa6065a6"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"arbitrary",
|
|
|
|
"num-traits",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "overload"
|
|
|
|
version = "0.1.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "parking"
|
|
|
|
version = "2.2.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "parking_lot"
|
chore: bump up all non-major dependencies (#7059)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@nx/vite](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/vite)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/@nx%2fvite/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [cloudflare/wrangler-action](https://togithub.com/cloudflare/wrangler-action) | `v3.6.0` -> `v3.6.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch |
| [electron-log](https://togithub.com/megahertz/electron-log) | [`5.1.4` -> `5.1.5`](https://renovatebot.com/diffs/npm/electron-log/5.1.4/5.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [esbuild](https://togithub.com/evanw/esbuild) | [`0.21.3` -> `0.21.4`](https://renovatebot.com/diffs/npm/esbuild/0.21.3/0.21.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [lint-staged](https://togithub.com/okonet/lint-staged) | [`15.2.4` -> `15.2.5`](https://renovatebot.com/diffs/npm/lint-staged/15.2.4/15.2.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nodemon](https://nodemon.io) ([source](https://togithub.com/remy/nodemon)) | [`3.1.0` -> `3.1.1`](https://renovatebot.com/diffs/npm/nodemon/3.1.0/3.1.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nx](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/nx)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/nx/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [parking_lot](https://togithub.com/Amanieu/parking_lot) | `0.12.2` -> `0.12.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [react-virtuoso](https://virtuoso.dev/) ([source](https://togithub.com/petyosi/react-virtuoso)) | [`4.7.10` -> `4.7.11`](https://renovatebot.com/diffs/npm/react-virtuoso/4.7.10/4.7.11) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.202` -> `1.0.203` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
---
### Release Notes
<details>
<summary>nrwl/nx (@​nx/vite)</summary>
### [`v19.1.0`](https://togithub.com/nrwl/nx/releases/tag/19.1.0)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.0.8...19.1.0)
##### 19.1.0 (2024-05-24)
##### 🚀 Features
- **angular:** support angular 18.0.0 ([#​22509](https://togithub.com/nrwl/nx/pull/22509))
- **bundling:** added support for declarations (\*.d.ts) ([#​21084](https://togithub.com/nrwl/nx/pull/21084))
- **core:** add an option to seperate the output of show with provide… ([#​23172](https://togithub.com/nrwl/nx/pull/23172))
- **core:** support finding matching projects with only negative patterns ([#​22743](https://togithub.com/nrwl/nx/pull/22743))
- **core:** default show to web view when in interactive terminal ([#​23358](https://togithub.com/nrwl/nx/pull/23358))
- **core:** resolve nx migrate target version against registry ([#​23450](https://togithub.com/nrwl/nx/pull/23450))
- **core:** allow executor definition to point to another executor ([#​23576](https://togithub.com/nrwl/nx/pull/23576))
- **core:** add bun package manager ([#​22602](https://togithub.com/nrwl/nx/pull/22602))
- **graph:** change gradle and nextjs svg ([#​23201](https://togithub.com/nrwl/nx/pull/23201))
- **graph:** show script content in header ([#​23257](https://togithub.com/nrwl/nx/pull/23257))
- **misc:** improve nx cloud setup prompts and messaging ([#​23218](https://togithub.com/nrwl/nx/pull/23218))
- **module-federation:** add remote configuration override ([#​19694](https://togithub.com/nrwl/nx/pull/19694))
- **nextjs:** Update Next & Tailwindcss Package ([#​23313](https://togithub.com/nrwl/nx/pull/23313))
- **nx-dev:** show banner on documentation pages ([#​23266](https://togithub.com/nrwl/nx/pull/23266))
- **nx-dev:** check for missing images ([#​23248](https://togithub.com/nrwl/nx/pull/23248))
- **nx-dev:** put banner above menu ([#​23335](https://togithub.com/nrwl/nx/pull/23335))
- **nx-dev:** Add more blogs ([#​25939](https://togithub.com/nrwl/nx/pull/25939))
- **react:** Add SvgOptions for NxReactWebpackPlugin and WithNx ([#​23283](https://togithub.com/nrwl/nx/pull/23283))
- **react-native:** add optional syncDeps param to storybook executor ([#​22032](https://togithub.com/nrwl/nx/pull/22032))
- **release:** updateDependents generator option for versioning, support circular dependencies ([#​23252](https://togithub.com/nrwl/nx/pull/23252))
- **testing:** updates cypress and [@​cypress/webpack-dev-server](https://togithub.com/cypress/webpack-dev-server) ([#​22902](https://togithub.com/nrwl/nx/pull/22902))
- **testing:** remove --watch=false from inferred vitest targets to keep things inlined with vitest recommendations ([#​25975](https://togithub.com/nrwl/nx/pull/25975))
- **vite:** support incremental builds with nxViteTsPaths ([#​23908](https://togithub.com/nrwl/nx/pull/23908))
##### 🩹 Fixes
- **angular:** libraries should not contain tslib by default [#​21023](https://togithub.com/nrwl/nx/issues/21023) ([#​23423](https://togithub.com/nrwl/nx/pull/23423), [#​21023](https://togithub.com/nrwl/nx/issues/21023))
- **angular:** [@​angular/core](https://togithub.com/angular/core) should always be provided as a shared package [#​19121](https://togithub.com/nrwl/nx/issues/19121) ([#​23464](https://togithub.com/nrwl/nx/pull/23464), [#​19121](https://togithub.com/nrwl/nx/issues/19121))
- **bundling:** rollup does not log build errors ([#​23141](https://togithub.com/nrwl/nx/pull/23141))
- **bundling:** resolve index files from ts paths when running esbuild without bundling ([#​23098](https://togithub.com/nrwl/nx/pull/23098))
- **core:** set yarn berry nodeLinker correctly in migrate command ([#​23249](https://togithub.com/nrwl/nx/pull/23249))
- **core:** show project --web shouldn't error ([#​23251](https://togithub.com/nrwl/nx/pull/23251))
- **core:** update getLastValueFromAsyncIterableIterator to support AsyncIterables returned from executors ([#​23229](https://togithub.com/nrwl/nx/pull/23229))
- **core:** include more binary extensions ([#​22788](https://togithub.com/nrwl/nx/pull/22788), [#​22861](https://togithub.com/nrwl/nx/pull/22861))
- **core:** workspace remove generator should handle no root jest config ([#​23328](https://togithub.com/nrwl/nx/pull/23328))
- **core:** addPlugin should not conflict on project.json targets ([#​23264](https://togithub.com/nrwl/nx/pull/23264))
- **core:** throw a specific error for print-affected and affected graph ([#​23336](https://togithub.com/nrwl/nx/pull/23336))
- **core:** properly indent command output with mixed line endings ([#​23321](https://togithub.com/nrwl/nx/pull/23321))
- **core:** read socket dir on demand & load .env files on client startup ([#​23348](https://togithub.com/nrwl/nx/pull/23348))
- **core:** not load env files when NX_LOAD_DOT_ENV_FILES is false ([#​23231](https://togithub.com/nrwl/nx/pull/23231))
- **core:** addPlugin should not conflict on project.json targ… ([#​23391](https://togithub.com/nrwl/nx/pull/23391))
- **core:** fix affected detection for inputs after named inputs ([#​23354](https://togithub.com/nrwl/nx/pull/23354))
- **core:** fix eslint --help command ([#​23274](https://togithub.com/nrwl/nx/pull/23274))
- **core:** copy native files to tmp file location instead of .nx/cache ([#​23375](https://togithub.com/nrwl/nx/pull/23375))
- **core:** retry interrupted errors when writing to stdout ([#​23359](https://togithub.com/nrwl/nx/pull/23359))
- **core:** do not add an ending new line when serializing a json ([#​23440](https://togithub.com/nrwl/nx/pull/23440))
- **core:** migrate should warn if package does not exist ([#​23317](https://togithub.com/nrwl/nx/pull/23317))
- **core:** azure ci workflow ([#​23453](https://togithub.com/nrwl/nx/pull/23453))
- **core:** only check for `err` in `handleWorkspaceChanges` ([#​23500](https://togithub.com/nrwl/nx/pull/23500))
- **core:** remove duplicate `js-yaml` packages ([f1ae1bc879](https://togithub.com/nrwl/nx/commit/f1ae1bc879))
- **core:** fix alias package parsing and pruning for npm ([#​23474](https://togithub.com/nrwl/nx/pull/23474))
- **core:** install packages per migration when creating commits ([#​23820](https://togithub.com/nrwl/nx/pull/23820))
- **core:** more helpful output for format:check --verbose ([#​23503](https://togithub.com/nrwl/nx/pull/23503))
- **core:** fix buildTargetFromScript takes a long time ([#​25209](https://togithub.com/nrwl/nx/pull/25209))
- **core:** cache getting the package manager to the module scope ([#​25992](https://togithub.com/nrwl/nx/pull/25992))
- **core:** use zkochan/js-yaml directly to avoid false audit errors ([#​25999](https://togithub.com/nrwl/nx/pull/25999))
- **core:** use current user when hashing native file & enable setting its directory via env ([#​24326](https://togithub.com/nrwl/nx/pull/24326))
- **devkit:** combineAsyncIterable should not be blocking when error occurs [#​21393](https://togithub.com/nrwl/nx/issues/21393) ([#​23400](https://togithub.com/nrwl/nx/pull/23400), [#​21393](https://togithub.com/nrwl/nx/issues/21393))
- **gradle:** use local gradlew instead of sdkman ([#​23205](https://togithub.com/nrwl/nx/pull/23205))
- **gradle:** run gradle init if no settings.gradle ([#​23226](https://togithub.com/nrwl/nx/pull/23226))
- **graph:** properly remove <base> tag when generating static graph file ([#​23399](https://togithub.com/nrwl/nx/pull/23399))
- **graph:** reload graph app only when hash changes in watch mode ([#​23434](https://togithub.com/nrwl/nx/pull/23434))
- **js:** Adds mjs files to prettierrcNameOptions ([#​21796](https://togithub.com/nrwl/nx/pull/21796))
- **js:** copy assets handler should correctly handle assets on windows ([#​23351](https://togithub.com/nrwl/nx/pull/23351))
- **js:** Respect loose option provided from config ([#​23406](https://togithub.com/nrwl/nx/pull/23406))
- **js:** fix update package.json ([#​21415](https://togithub.com/nrwl/nx/pull/21415))
- **js:** print warning when --generateLockfile is used with Bun rather than erroring out ([#​25158](https://togithub.com/nrwl/nx/pull/25158))
- **js:** export setup verdaccio generator ([#​24008](https://togithub.com/nrwl/nx/pull/24008))
- **js:** handle tsconfig file with no compilerOptions ([#​25966](https://togithub.com/nrwl/nx/pull/25966))
- **linter:** ensure config.rules is spread into rules in flat config migration ([#​23263](https://togithub.com/nrwl/nx/pull/23263))
- **linter:** ensure all spreads are removed from rules before parsing ([#​23292](https://togithub.com/nrwl/nx/pull/23292))
- **linter:** log transpilation errors of workspace rules ([#​21503](https://togithub.com/nrwl/nx/pull/21503))
- **linter:** rename languageSettings to languageOptions for flat config migration ([#​22924](https://togithub.com/nrwl/nx/pull/22924))
- **linter:** fix migrating projects with the eslint plugin ([#​23147](https://togithub.com/nrwl/nx/pull/23147))
- **linter:** support eslint v9 ([#​24632](https://togithub.com/nrwl/nx/pull/24632))
- **linter:** only set flat config env for eslint v9+ ([#​25189](https://togithub.com/nrwl/nx/pull/25189))
- **linter:** only depend on eslint v8 ([#​25938](https://togithub.com/nrwl/nx/pull/25938))
- **linter:** migrate no-extra-semi rules into user config, out of nx extendable configs ([#​26011](https://togithub.com/nrwl/nx/pull/26011))
- **linter:** move eslint to peerDependencies and allow eslint 9 ([#​26013](https://togithub.com/nrwl/nx/pull/26013))
- **misc:** create workspaces and default app with the name as provided ([#​23196](https://togithub.com/nrwl/nx/pull/23196))
- **misc:** adjust deprecation messages to v20 ([#​23223](https://togithub.com/nrwl/nx/pull/23223))
- **misc:** move e2e-ci to a separate parallel 1 command ([#​23305](https://togithub.com/nrwl/nx/pull/23305))
- **misc:** guard against failure to decode file in migration ([#​23069](https://togithub.com/nrwl/nx/pull/23069))
- **misc:** adjust npm keywords ([#​24743](https://togithub.com/nrwl/nx/pull/24743))
- **misc:** various inference plugins caching should track changes ([#​23315](https://togithub.com/nrwl/nx/pull/23315))
- **module-federation:** nested projects should be ordered first when reading from tsconfig paths [#​20284](https://togithub.com/nrwl/nx/issues/20284) ([#​23212](https://togithub.com/nrwl/nx/pull/23212), [#​20284](https://togithub.com/nrwl/nx/issues/20284))
- **module-federation:** Throw an error if remote is invalid ([#​23100](https://togithub.com/nrwl/nx/pull/23100))
- **nextjs:** Moving a library using [@​nx/workspace](https://togithub.com/nx/workspace):move should update … ([#​23311](https://togithub.com/nrwl/nx/pull/23311))
- **nextjs:** additional experimental HTTPS options ([#​23334](https://togithub.com/nrwl/nx/pull/23334))
- **node:** Docker generator should work ([#​23452](https://togithub.com/nrwl/nx/pull/23452))
- **nx-cloud:** ensure generated ci workflows use dlx for nx-cloud ([#​23333](https://togithub.com/nrwl/nx/pull/23333))
- **nx-dev:** fix home page mobile menu ([#​23250](https://togithub.com/nrwl/nx/pull/23250))
- **nx-dev:** move table of contents down ([#​23350](https://togithub.com/nrwl/nx/pull/23350))
- **react:** respect unitTestRunner passed to the generator ([#​23383](https://togithub.com/nrwl/nx/pull/23383))
- **react:** remote generator should update host's app routes ([#​23499](https://togithub.com/nrwl/nx/pull/23499))
- **react:** applications not using plugin usage should set target defaults ([#​23582](https://togithub.com/nrwl/nx/pull/23582))
- **react-native:** fix test-setup for react native/expo jest ([#​23314](https://togithub.com/nrwl/nx/pull/23314))
- **release:** ensure changelog renderers are resolvable when processing config ([#​23214](https://togithub.com/nrwl/nx/pull/23214))
- **release:** invalid tag for fixed groups without changes ([#​22800](https://togithub.com/nrwl/nx/pull/22800))
- **release:** npm publish error when file path contains spaces ([#​24750](https://togithub.com/nrwl/nx/pull/24750))
- **repo:** hash proper projects when nx ([#​23506](https://togithub.com/nrwl/nx/pull/23506))
- **storybook:** should handle inferred cypress when generating cypress project [#​21770](https://togithub.com/nrwl/nx/issues/21770) ([#​23327](https://togithub.com/nrwl/nx/pull/23327), [#​21770](https://togithub.com/nrwl/nx/issues/21770))
- **testing:** resolve absolute paths for ts path mappings in jest resolver ([#​23346](https://togithub.com/nrwl/nx/pull/23346))
- **testing:** ignore jest-sequencer- paths in jest resolver ([#​23396](https://togithub.com/nrwl/nx/pull/23396))
- **testing:** check for project eslint config file in cypress and pla… ([#​23401](https://togithub.com/nrwl/nx/pull/23401))
- **testing:** handle existing jest preset file correctly ([#​23437](https://togithub.com/nrwl/nx/pull/23437))
- **vite:** don't generate tasks for remix projects ([#​22551](https://togithub.com/nrwl/nx/pull/22551))
- **vite:** get tsconfig from new path including target ([#​22775](https://togithub.com/nrwl/nx/pull/22775))
- **vite:** support passing --watch to inferred vitest commands ([#​23298](https://togithub.com/nrwl/nx/pull/23298))
- **vite:** generate vitest cache dir scoped to each project root and normalize vite cache dir ([#​23330](https://togithub.com/nrwl/nx/pull/23330))
- **vite:** migration should handle config object correctly [#​20921](https://togithub.com/nrwl/nx/issues/20921) ([#​23364](https://togithub.com/nrwl/nx/pull/23364), [#​20921](https://togithub.com/nrwl/nx/issues/20921))
- **vite:** add prop to config to ensure output dir is emptied [#​23382](https://togithub.com/nrwl/nx/issues/23382) ([#​23466](https://togithub.com/nrwl/nx/pull/23466), [#​23382](https://togithub.com/nrwl/nx/issues/23382))
- **vue:** ootb unit testing should work with --routing [#​19921](https://togithub.com/nrwl/nx/issues/19921) ([#​23441](https://togithub.com/nrwl/nx/pull/23441), [#​19921](https://togithub.com/nrwl/nx/issues/19921))
- **web:** Add strict mode ([#​23457](https://togithub.com/nrwl/nx/pull/23457))
- **web:** Add strict mode" ([#​23472](https://togithub.com/nrwl/nx/pull/23472))
- **web:** Add strict mode for [@​nx/web](https://togithub.com/nx/web) ([#​23497](https://togithub.com/nrwl/nx/pull/23497))
- **webpack:** fix default compiler option ([#​22762](https://togithub.com/nrwl/nx/pull/22762))
- **webpack:** don't overwrite output config ([#​22116](https://togithub.com/nrwl/nx/pull/22116))
- **webpack:** publicPath and rebaseRootRelative ([#​20992](https://togithub.com/nrwl/nx/pull/20992))
- **webpack:** apply-base-config should initialize options it will set [#​23296](https://togithub.com/nrwl/nx/issues/23296) ([#​23368](https://togithub.com/nrwl/nx/pull/23368), [#​23296](https://togithub.com/nrwl/nx/issues/23296))
- **webpack:** only add entrypoints if they are intentionally injected [#​20049](https://togithub.com/nrwl/nx/issues/20049) ([#​23444](https://togithub.com/nrwl/nx/pull/23444), [#​20049](https://togithub.com/nrwl/nx/issues/20049))
##### ❤️ Thank You
- andriizavoiko [@​andriizavoiko](https://togithub.com/andriizavoiko)
- arekkubaczkowski [@​arekkubaczkowski](https://togithub.com/arekkubaczkowski)
- castleadmin [@​castleadmin](https://togithub.com/castleadmin)
- Colum Ferry [@​Coly010](https://togithub.com/Coly010)
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Daniel Santiago
- Denis Bendrikov
- dmcweeney
- Dmitry Zakharov [@​pumano](https://togithub.com/pumano)
- Edward Wang [@​wzc0415](https://togithub.com/wzc0415)
- Emily Xiong [@​xiongemi](https://togithub.com/xiongemi)
- Isaac Mann [@​isaacplmann](https://togithub.com/isaacplmann)
- Jack Hsu [@​jaysoo](https://togithub.com/jaysoo)
- James Henry [@​JamesHenry](https://togithub.com/JamesHenry)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Jonathan Cammisuli
- Jordan Hall [@​Jordan-Hall](https://togithub.com/Jordan-Hall)
- Katerina Skroumpelou [@​mandarini](https://togithub.com/mandarini)
- Krystian Sowiński [@​plumcoding](https://togithub.com/plumcoding)
- Leosvel Pérez Espinosa [@​leosvelperez](https://togithub.com/leosvelperez)
- Mateo Tibaquirá
- Matthias Stemmler [@​ms-tng](https://togithub.com/ms-tng)
- MaxKless [@​MaxKless](https://togithub.com/MaxKless)
- Mehrad Rafigh [@​mehrad-rafigh](https://togithub.com/mehrad-rafigh)
- Mike Peters
- Miroslav Jonaš [@​meeroslav](https://togithub.com/meeroslav)
- Nicholas Cunningham [@​ndcunningham](https://togithub.com/ndcunningham)
- Patrick P [@​ppfenning92](https://togithub.com/ppfenning92)
- Phillip Barta [@​Phillip9587](https://togithub.com/Phillip9587)
- Robin Csutorás
- Sean Sanker
- Younes Jaaidi
</details>
<details>
<summary>cloudflare/wrangler-action (cloudflare/wrangler-action)</summary>
### [`v3.6.1`](https://togithub.com/cloudflare/wrangler-action/releases/tag/v3.6.1)
[Compare Source](https://togithub.com/cloudflare/wrangler-action/compare/v3.6.0...v3.6.1)
##### Patch Changes
- [#​265](https://togithub.com/cloudflare/wrangler-action/pull/265) [`2d275a8f2d279dc91912c1ff8023af109ef3280c`](https://togithub.com/cloudflare/wrangler-action/commit/2d275a8f2d279dc91912c1ff8023af109ef3280c) Thanks [@​Maximo-Guk](https://togithub.com/Maximo-Guk)! - Reverts [#​235](https://togithub.com/cloudflare/wrangler-action/issues/235) which may have caused the latest version of wrangler to be installed, if no wrangler version was found
</details>
<details>
<summary>megahertz/electron-log (electron-log)</summary>
### [`v5.1.5`](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
[Compare Source](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
</details>
<details>
<summary>evanw/esbuild (esbuild)</summary>
### [`v0.21.4`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0214)
[Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.3...v0.21.4)
- Update support for import assertions and import attributes in node ([#​3778](https://togithub.com/evanw/esbuild/issues/3778))
Import assertions (the `assert` keyword) have been removed from node starting in v22.0.0. So esbuild will now strip them and generate a warning with `--target=node22` or above:
▲ [WARNING] The "assert" keyword is not supported in the configured target environment ("node22") [assert-to-with]
example.mjs:1:40:
1 │ import json from "esbuild/package.json" assert { type: "json" }
│ ~~~~~~
╵ with
Did you mean to use "with" instead of "assert"?
Import attributes (the `with` keyword) have been backported to node 18 starting in v18.20.0. So esbuild will no longer strip them with `--target=node18.N` if `N` is 20 or greater.
- Fix `for await` transform when a label is present
This release fixes a bug where the `for await` transform, which wraps the loop in a `try` statement, previously failed to also move the loop's label into the `try` statement. This bug only affects code that uses both of these features in combination. Here's an example of some affected code:
```js
// Original code
async function test() {
outer: for await (const x of [Promise.resolve([0, 1])]) {
for (const y of x) if (y) break outer
throw 'fail'
}
}
// Old output (with --target=es6)
function test() {
return __async(this, null, function* () {
outer: try {
for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
// New output (with --target=es6)
function test() {
return __async(this, null, function* () {
try {
outer: for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
```
- Do additional constant folding after cross-module enum inlining ([#​3416](https://togithub.com/evanw/esbuild/issues/3416), [#​3425](https://togithub.com/evanw/esbuild/issues/3425))
This release adds a few more cases where esbuild does constant folding after cross-module enum inlining.
```ts
// Original code: enum.ts
export enum Platform {
WINDOWS = 'windows',
MACOS = 'macos',
LINUX = 'linux',
}
// Original code: main.ts
import { Platform } from './enum';
declare const PLATFORM: string;
export function logPlatform() {
if (PLATFORM == Platform.WINDOWS) console.log('Windows');
else if (PLATFORM == Platform.MACOS) console.log('macOS');
else if (PLATFORM == Platform.LINUX) console.log('Linux');
else console.log('Other');
}
// Old output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){"windows"=="macos"?console.log("Windows"):"macos"=="macos"?console.log("macOS"):"linux"=="macos"?console.log("Linux"):console.log("Other")}export{n as logPlatform};
// New output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){console.log("macOS")}export{n as logPlatform};
```
- Pass import attributes to on-resolve plugins ([#​3384](https://togithub.com/evanw/esbuild/issues/3384), [#​3639](https://togithub.com/evanw/esbuild/issues/3639), [#​3646](https://togithub.com/evanw/esbuild/issues/3646))
With this release, on-resolve plugins will now have access to the import attributes on the import via the `with` property of the arguments object. This mirrors the `with` property of the arguments object that's already passed to on-load plugins. In addition, you can now pass `with` to the `resolve()` API call which will then forward that value on to all relevant plugins. Here's an example of a plugin that can now be written:
```js
const examplePlugin = {
name: 'Example plugin',
setup(build) {
build.onResolve({ filter: /.*/ }, args => {
if (args.with.type === 'external')
return { external: true }
})
}
}
require('esbuild').build({
stdin: {
contents: `
import foo from "./foo" with { type: "external" }
foo()
`,
},
bundle: true,
format: 'esm',
write: false,
plugins: [examplePlugin],
}).then(result => {
console.log(result.outputFiles[0].text)
})
```
- Formatting support for the `@position-try` rule ([#​3773](https://togithub.com/evanw/esbuild/issues/3773))
Chrome shipped this new CSS at-rule in version 125 as part of the [CSS anchor positioning API](https://developer.chrome.com/blog/anchor-positioning-api). With this release, esbuild now knows to expect a declaration list inside of the `@position-try` body block and will format it appropriately.
- Always allow internal string import and export aliases ([#​3343](https://togithub.com/evanw/esbuild/issues/3343))
Import and export names can be string literals in ES2022+. Previously esbuild forbid any usage of these aliases when the target was below ES2022. Starting with this release, esbuild will only forbid such usage when the alias would otherwise end up in output as a string literal. String literal aliases that are only used internally in the bundle and are "compiled away" are no longer errors. This makes it possible to use string literal aliases with esbuild's `inject` feature even when the target is earlier than ES2022.
</details>
<details>
<summary>okonet/lint-staged (lint-staged)</summary>
### [`v15.2.5`](https://togithub.com/okonet/lint-staged/blob/HEAD/CHANGELOG.md#1525)
[Compare Source](https://togithub.com/okonet/lint-staged/compare/v15.2.4...v15.2.5)
##### Patch Changes
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`31a1f95`](https://togithub.com/lint-staged/lint-staged/commit/31a1f9548ea8202bc5bd718076711f747396e3ca) Thanks [@​iiroj](https://togithub.com/iiroj)! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.
- [#​1423](https://togithub.com/lint-staged/lint-staged/pull/1423) [`91abea0`](https://togithub.com/lint-staged/lint-staged/commit/91abea0d298154d92113ba34bae4020704e22918) Thanks [@​iiroj](https://togithub.com/iiroj)! - Improve error logging when failing to read or parse a configuration file
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`ee43f15`](https://togithub.com/lint-staged/lint-staged/commit/ee43f154097753dd5448766f792387e60e0ea453) Thanks [@​iiroj](https://togithub.com/iiroj)! - Upgrade micromatch@4.0.7
</details>
<details>
<summary>remy/nodemon (nodemon)</summary>
### [`v3.1.1`](https://togithub.com/remy/nodemon/releases/tag/v3.1.1)
[Compare Source](https://togithub.com/remy/nodemon/compare/v3.1.0...v3.1.1)
##### Bug Fixes
- add types to help with required nodemon usage ([#​2204](https://togithub.com/remy/nodemon/issues/2204)) ([cd27c0b](https://togithub.com/remy/nodemon/commit/cd27c0b50584e078a10338ef0c37282255f3f9ca))
</details>
<details>
<summary>Amanieu/parking_lot (parking_lot)</summary>
### [`v0.12.3`](https://togithub.com/Amanieu/parking_lot/blob/HEAD/CHANGELOG.md#parkinglot-0123-2024-05-24)
[Compare Source](https://togithub.com/Amanieu/parking_lot/compare/0.12.2...0.12.3)
- Export types provided by arc_lock feature ([#​442](https://togithub.com/Amanieu/parking_lot/issues/442))
</details>
<details>
<summary>petyosi/react-virtuoso (react-virtuoso)</summary>
### [`v4.7.11`](https://togithub.com/petyosi/react-virtuoso/releases/tag/v4.7.11)
[Compare Source](https://togithub.com/petyosi/react-virtuoso/compare/v4.7.10...v4.7.11)
##### Bug Fixes
- update initialTopMostItemIndex type in TableVirtuoso interface ([#​1091](https://togithub.com/petyosi/react-virtuoso/issues/1091)) ([9a93e93](https://togithub.com/petyosi/react-virtuoso/commit/9a93e93dcbe5c02ad61dbd87d5e0c27251a583c6))
</details>
<details>
<summary>serde-rs/serde (serde)</summary>
### [`v1.0.203`](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
[Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->
2024-05-27 08:33:12 +03:00
|
|
|
version = "0.12.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7059)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@nx/vite](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/vite)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/@nx%2fvite/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [cloudflare/wrangler-action](https://togithub.com/cloudflare/wrangler-action) | `v3.6.0` -> `v3.6.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch |
| [electron-log](https://togithub.com/megahertz/electron-log) | [`5.1.4` -> `5.1.5`](https://renovatebot.com/diffs/npm/electron-log/5.1.4/5.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [esbuild](https://togithub.com/evanw/esbuild) | [`0.21.3` -> `0.21.4`](https://renovatebot.com/diffs/npm/esbuild/0.21.3/0.21.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [lint-staged](https://togithub.com/okonet/lint-staged) | [`15.2.4` -> `15.2.5`](https://renovatebot.com/diffs/npm/lint-staged/15.2.4/15.2.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nodemon](https://nodemon.io) ([source](https://togithub.com/remy/nodemon)) | [`3.1.0` -> `3.1.1`](https://renovatebot.com/diffs/npm/nodemon/3.1.0/3.1.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nx](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/nx)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/nx/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [parking_lot](https://togithub.com/Amanieu/parking_lot) | `0.12.2` -> `0.12.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [react-virtuoso](https://virtuoso.dev/) ([source](https://togithub.com/petyosi/react-virtuoso)) | [`4.7.10` -> `4.7.11`](https://renovatebot.com/diffs/npm/react-virtuoso/4.7.10/4.7.11) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.202` -> `1.0.203` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
---
### Release Notes
<details>
<summary>nrwl/nx (@​nx/vite)</summary>
### [`v19.1.0`](https://togithub.com/nrwl/nx/releases/tag/19.1.0)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.0.8...19.1.0)
##### 19.1.0 (2024-05-24)
##### 🚀 Features
- **angular:** support angular 18.0.0 ([#​22509](https://togithub.com/nrwl/nx/pull/22509))
- **bundling:** added support for declarations (\*.d.ts) ([#​21084](https://togithub.com/nrwl/nx/pull/21084))
- **core:** add an option to seperate the output of show with provide… ([#​23172](https://togithub.com/nrwl/nx/pull/23172))
- **core:** support finding matching projects with only negative patterns ([#​22743](https://togithub.com/nrwl/nx/pull/22743))
- **core:** default show to web view when in interactive terminal ([#​23358](https://togithub.com/nrwl/nx/pull/23358))
- **core:** resolve nx migrate target version against registry ([#​23450](https://togithub.com/nrwl/nx/pull/23450))
- **core:** allow executor definition to point to another executor ([#​23576](https://togithub.com/nrwl/nx/pull/23576))
- **core:** add bun package manager ([#​22602](https://togithub.com/nrwl/nx/pull/22602))
- **graph:** change gradle and nextjs svg ([#​23201](https://togithub.com/nrwl/nx/pull/23201))
- **graph:** show script content in header ([#​23257](https://togithub.com/nrwl/nx/pull/23257))
- **misc:** improve nx cloud setup prompts and messaging ([#​23218](https://togithub.com/nrwl/nx/pull/23218))
- **module-federation:** add remote configuration override ([#​19694](https://togithub.com/nrwl/nx/pull/19694))
- **nextjs:** Update Next & Tailwindcss Package ([#​23313](https://togithub.com/nrwl/nx/pull/23313))
- **nx-dev:** show banner on documentation pages ([#​23266](https://togithub.com/nrwl/nx/pull/23266))
- **nx-dev:** check for missing images ([#​23248](https://togithub.com/nrwl/nx/pull/23248))
- **nx-dev:** put banner above menu ([#​23335](https://togithub.com/nrwl/nx/pull/23335))
- **nx-dev:** Add more blogs ([#​25939](https://togithub.com/nrwl/nx/pull/25939))
- **react:** Add SvgOptions for NxReactWebpackPlugin and WithNx ([#​23283](https://togithub.com/nrwl/nx/pull/23283))
- **react-native:** add optional syncDeps param to storybook executor ([#​22032](https://togithub.com/nrwl/nx/pull/22032))
- **release:** updateDependents generator option for versioning, support circular dependencies ([#​23252](https://togithub.com/nrwl/nx/pull/23252))
- **testing:** updates cypress and [@​cypress/webpack-dev-server](https://togithub.com/cypress/webpack-dev-server) ([#​22902](https://togithub.com/nrwl/nx/pull/22902))
- **testing:** remove --watch=false from inferred vitest targets to keep things inlined with vitest recommendations ([#​25975](https://togithub.com/nrwl/nx/pull/25975))
- **vite:** support incremental builds with nxViteTsPaths ([#​23908](https://togithub.com/nrwl/nx/pull/23908))
##### 🩹 Fixes
- **angular:** libraries should not contain tslib by default [#​21023](https://togithub.com/nrwl/nx/issues/21023) ([#​23423](https://togithub.com/nrwl/nx/pull/23423), [#​21023](https://togithub.com/nrwl/nx/issues/21023))
- **angular:** [@​angular/core](https://togithub.com/angular/core) should always be provided as a shared package [#​19121](https://togithub.com/nrwl/nx/issues/19121) ([#​23464](https://togithub.com/nrwl/nx/pull/23464), [#​19121](https://togithub.com/nrwl/nx/issues/19121))
- **bundling:** rollup does not log build errors ([#​23141](https://togithub.com/nrwl/nx/pull/23141))
- **bundling:** resolve index files from ts paths when running esbuild without bundling ([#​23098](https://togithub.com/nrwl/nx/pull/23098))
- **core:** set yarn berry nodeLinker correctly in migrate command ([#​23249](https://togithub.com/nrwl/nx/pull/23249))
- **core:** show project --web shouldn't error ([#​23251](https://togithub.com/nrwl/nx/pull/23251))
- **core:** update getLastValueFromAsyncIterableIterator to support AsyncIterables returned from executors ([#​23229](https://togithub.com/nrwl/nx/pull/23229))
- **core:** include more binary extensions ([#​22788](https://togithub.com/nrwl/nx/pull/22788), [#​22861](https://togithub.com/nrwl/nx/pull/22861))
- **core:** workspace remove generator should handle no root jest config ([#​23328](https://togithub.com/nrwl/nx/pull/23328))
- **core:** addPlugin should not conflict on project.json targets ([#​23264](https://togithub.com/nrwl/nx/pull/23264))
- **core:** throw a specific error for print-affected and affected graph ([#​23336](https://togithub.com/nrwl/nx/pull/23336))
- **core:** properly indent command output with mixed line endings ([#​23321](https://togithub.com/nrwl/nx/pull/23321))
- **core:** read socket dir on demand & load .env files on client startup ([#​23348](https://togithub.com/nrwl/nx/pull/23348))
- **core:** not load env files when NX_LOAD_DOT_ENV_FILES is false ([#​23231](https://togithub.com/nrwl/nx/pull/23231))
- **core:** addPlugin should not conflict on project.json targ… ([#​23391](https://togithub.com/nrwl/nx/pull/23391))
- **core:** fix affected detection for inputs after named inputs ([#​23354](https://togithub.com/nrwl/nx/pull/23354))
- **core:** fix eslint --help command ([#​23274](https://togithub.com/nrwl/nx/pull/23274))
- **core:** copy native files to tmp file location instead of .nx/cache ([#​23375](https://togithub.com/nrwl/nx/pull/23375))
- **core:** retry interrupted errors when writing to stdout ([#​23359](https://togithub.com/nrwl/nx/pull/23359))
- **core:** do not add an ending new line when serializing a json ([#​23440](https://togithub.com/nrwl/nx/pull/23440))
- **core:** migrate should warn if package does not exist ([#​23317](https://togithub.com/nrwl/nx/pull/23317))
- **core:** azure ci workflow ([#​23453](https://togithub.com/nrwl/nx/pull/23453))
- **core:** only check for `err` in `handleWorkspaceChanges` ([#​23500](https://togithub.com/nrwl/nx/pull/23500))
- **core:** remove duplicate `js-yaml` packages ([f1ae1bc879](https://togithub.com/nrwl/nx/commit/f1ae1bc879))
- **core:** fix alias package parsing and pruning for npm ([#​23474](https://togithub.com/nrwl/nx/pull/23474))
- **core:** install packages per migration when creating commits ([#​23820](https://togithub.com/nrwl/nx/pull/23820))
- **core:** more helpful output for format:check --verbose ([#​23503](https://togithub.com/nrwl/nx/pull/23503))
- **core:** fix buildTargetFromScript takes a long time ([#​25209](https://togithub.com/nrwl/nx/pull/25209))
- **core:** cache getting the package manager to the module scope ([#​25992](https://togithub.com/nrwl/nx/pull/25992))
- **core:** use zkochan/js-yaml directly to avoid false audit errors ([#​25999](https://togithub.com/nrwl/nx/pull/25999))
- **core:** use current user when hashing native file & enable setting its directory via env ([#​24326](https://togithub.com/nrwl/nx/pull/24326))
- **devkit:** combineAsyncIterable should not be blocking when error occurs [#​21393](https://togithub.com/nrwl/nx/issues/21393) ([#​23400](https://togithub.com/nrwl/nx/pull/23400), [#​21393](https://togithub.com/nrwl/nx/issues/21393))
- **gradle:** use local gradlew instead of sdkman ([#​23205](https://togithub.com/nrwl/nx/pull/23205))
- **gradle:** run gradle init if no settings.gradle ([#​23226](https://togithub.com/nrwl/nx/pull/23226))
- **graph:** properly remove <base> tag when generating static graph file ([#​23399](https://togithub.com/nrwl/nx/pull/23399))
- **graph:** reload graph app only when hash changes in watch mode ([#​23434](https://togithub.com/nrwl/nx/pull/23434))
- **js:** Adds mjs files to prettierrcNameOptions ([#​21796](https://togithub.com/nrwl/nx/pull/21796))
- **js:** copy assets handler should correctly handle assets on windows ([#​23351](https://togithub.com/nrwl/nx/pull/23351))
- **js:** Respect loose option provided from config ([#​23406](https://togithub.com/nrwl/nx/pull/23406))
- **js:** fix update package.json ([#​21415](https://togithub.com/nrwl/nx/pull/21415))
- **js:** print warning when --generateLockfile is used with Bun rather than erroring out ([#​25158](https://togithub.com/nrwl/nx/pull/25158))
- **js:** export setup verdaccio generator ([#​24008](https://togithub.com/nrwl/nx/pull/24008))
- **js:** handle tsconfig file with no compilerOptions ([#​25966](https://togithub.com/nrwl/nx/pull/25966))
- **linter:** ensure config.rules is spread into rules in flat config migration ([#​23263](https://togithub.com/nrwl/nx/pull/23263))
- **linter:** ensure all spreads are removed from rules before parsing ([#​23292](https://togithub.com/nrwl/nx/pull/23292))
- **linter:** log transpilation errors of workspace rules ([#​21503](https://togithub.com/nrwl/nx/pull/21503))
- **linter:** rename languageSettings to languageOptions for flat config migration ([#​22924](https://togithub.com/nrwl/nx/pull/22924))
- **linter:** fix migrating projects with the eslint plugin ([#​23147](https://togithub.com/nrwl/nx/pull/23147))
- **linter:** support eslint v9 ([#​24632](https://togithub.com/nrwl/nx/pull/24632))
- **linter:** only set flat config env for eslint v9+ ([#​25189](https://togithub.com/nrwl/nx/pull/25189))
- **linter:** only depend on eslint v8 ([#​25938](https://togithub.com/nrwl/nx/pull/25938))
- **linter:** migrate no-extra-semi rules into user config, out of nx extendable configs ([#​26011](https://togithub.com/nrwl/nx/pull/26011))
- **linter:** move eslint to peerDependencies and allow eslint 9 ([#​26013](https://togithub.com/nrwl/nx/pull/26013))
- **misc:** create workspaces and default app with the name as provided ([#​23196](https://togithub.com/nrwl/nx/pull/23196))
- **misc:** adjust deprecation messages to v20 ([#​23223](https://togithub.com/nrwl/nx/pull/23223))
- **misc:** move e2e-ci to a separate parallel 1 command ([#​23305](https://togithub.com/nrwl/nx/pull/23305))
- **misc:** guard against failure to decode file in migration ([#​23069](https://togithub.com/nrwl/nx/pull/23069))
- **misc:** adjust npm keywords ([#​24743](https://togithub.com/nrwl/nx/pull/24743))
- **misc:** various inference plugins caching should track changes ([#​23315](https://togithub.com/nrwl/nx/pull/23315))
- **module-federation:** nested projects should be ordered first when reading from tsconfig paths [#​20284](https://togithub.com/nrwl/nx/issues/20284) ([#​23212](https://togithub.com/nrwl/nx/pull/23212), [#​20284](https://togithub.com/nrwl/nx/issues/20284))
- **module-federation:** Throw an error if remote is invalid ([#​23100](https://togithub.com/nrwl/nx/pull/23100))
- **nextjs:** Moving a library using [@​nx/workspace](https://togithub.com/nx/workspace):move should update … ([#​23311](https://togithub.com/nrwl/nx/pull/23311))
- **nextjs:** additional experimental HTTPS options ([#​23334](https://togithub.com/nrwl/nx/pull/23334))
- **node:** Docker generator should work ([#​23452](https://togithub.com/nrwl/nx/pull/23452))
- **nx-cloud:** ensure generated ci workflows use dlx for nx-cloud ([#​23333](https://togithub.com/nrwl/nx/pull/23333))
- **nx-dev:** fix home page mobile menu ([#​23250](https://togithub.com/nrwl/nx/pull/23250))
- **nx-dev:** move table of contents down ([#​23350](https://togithub.com/nrwl/nx/pull/23350))
- **react:** respect unitTestRunner passed to the generator ([#​23383](https://togithub.com/nrwl/nx/pull/23383))
- **react:** remote generator should update host's app routes ([#​23499](https://togithub.com/nrwl/nx/pull/23499))
- **react:** applications not using plugin usage should set target defaults ([#​23582](https://togithub.com/nrwl/nx/pull/23582))
- **react-native:** fix test-setup for react native/expo jest ([#​23314](https://togithub.com/nrwl/nx/pull/23314))
- **release:** ensure changelog renderers are resolvable when processing config ([#​23214](https://togithub.com/nrwl/nx/pull/23214))
- **release:** invalid tag for fixed groups without changes ([#​22800](https://togithub.com/nrwl/nx/pull/22800))
- **release:** npm publish error when file path contains spaces ([#​24750](https://togithub.com/nrwl/nx/pull/24750))
- **repo:** hash proper projects when nx ([#​23506](https://togithub.com/nrwl/nx/pull/23506))
- **storybook:** should handle inferred cypress when generating cypress project [#​21770](https://togithub.com/nrwl/nx/issues/21770) ([#​23327](https://togithub.com/nrwl/nx/pull/23327), [#​21770](https://togithub.com/nrwl/nx/issues/21770))
- **testing:** resolve absolute paths for ts path mappings in jest resolver ([#​23346](https://togithub.com/nrwl/nx/pull/23346))
- **testing:** ignore jest-sequencer- paths in jest resolver ([#​23396](https://togithub.com/nrwl/nx/pull/23396))
- **testing:** check for project eslint config file in cypress and pla… ([#​23401](https://togithub.com/nrwl/nx/pull/23401))
- **testing:** handle existing jest preset file correctly ([#​23437](https://togithub.com/nrwl/nx/pull/23437))
- **vite:** don't generate tasks for remix projects ([#​22551](https://togithub.com/nrwl/nx/pull/22551))
- **vite:** get tsconfig from new path including target ([#​22775](https://togithub.com/nrwl/nx/pull/22775))
- **vite:** support passing --watch to inferred vitest commands ([#​23298](https://togithub.com/nrwl/nx/pull/23298))
- **vite:** generate vitest cache dir scoped to each project root and normalize vite cache dir ([#​23330](https://togithub.com/nrwl/nx/pull/23330))
- **vite:** migration should handle config object correctly [#​20921](https://togithub.com/nrwl/nx/issues/20921) ([#​23364](https://togithub.com/nrwl/nx/pull/23364), [#​20921](https://togithub.com/nrwl/nx/issues/20921))
- **vite:** add prop to config to ensure output dir is emptied [#​23382](https://togithub.com/nrwl/nx/issues/23382) ([#​23466](https://togithub.com/nrwl/nx/pull/23466), [#​23382](https://togithub.com/nrwl/nx/issues/23382))
- **vue:** ootb unit testing should work with --routing [#​19921](https://togithub.com/nrwl/nx/issues/19921) ([#​23441](https://togithub.com/nrwl/nx/pull/23441), [#​19921](https://togithub.com/nrwl/nx/issues/19921))
- **web:** Add strict mode ([#​23457](https://togithub.com/nrwl/nx/pull/23457))
- **web:** Add strict mode" ([#​23472](https://togithub.com/nrwl/nx/pull/23472))
- **web:** Add strict mode for [@​nx/web](https://togithub.com/nx/web) ([#​23497](https://togithub.com/nrwl/nx/pull/23497))
- **webpack:** fix default compiler option ([#​22762](https://togithub.com/nrwl/nx/pull/22762))
- **webpack:** don't overwrite output config ([#​22116](https://togithub.com/nrwl/nx/pull/22116))
- **webpack:** publicPath and rebaseRootRelative ([#​20992](https://togithub.com/nrwl/nx/pull/20992))
- **webpack:** apply-base-config should initialize options it will set [#​23296](https://togithub.com/nrwl/nx/issues/23296) ([#​23368](https://togithub.com/nrwl/nx/pull/23368), [#​23296](https://togithub.com/nrwl/nx/issues/23296))
- **webpack:** only add entrypoints if they are intentionally injected [#​20049](https://togithub.com/nrwl/nx/issues/20049) ([#​23444](https://togithub.com/nrwl/nx/pull/23444), [#​20049](https://togithub.com/nrwl/nx/issues/20049))
##### ❤️ Thank You
- andriizavoiko [@​andriizavoiko](https://togithub.com/andriizavoiko)
- arekkubaczkowski [@​arekkubaczkowski](https://togithub.com/arekkubaczkowski)
- castleadmin [@​castleadmin](https://togithub.com/castleadmin)
- Colum Ferry [@​Coly010](https://togithub.com/Coly010)
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Daniel Santiago
- Denis Bendrikov
- dmcweeney
- Dmitry Zakharov [@​pumano](https://togithub.com/pumano)
- Edward Wang [@​wzc0415](https://togithub.com/wzc0415)
- Emily Xiong [@​xiongemi](https://togithub.com/xiongemi)
- Isaac Mann [@​isaacplmann](https://togithub.com/isaacplmann)
- Jack Hsu [@​jaysoo](https://togithub.com/jaysoo)
- James Henry [@​JamesHenry](https://togithub.com/JamesHenry)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Jonathan Cammisuli
- Jordan Hall [@​Jordan-Hall](https://togithub.com/Jordan-Hall)
- Katerina Skroumpelou [@​mandarini](https://togithub.com/mandarini)
- Krystian Sowiński [@​plumcoding](https://togithub.com/plumcoding)
- Leosvel Pérez Espinosa [@​leosvelperez](https://togithub.com/leosvelperez)
- Mateo Tibaquirá
- Matthias Stemmler [@​ms-tng](https://togithub.com/ms-tng)
- MaxKless [@​MaxKless](https://togithub.com/MaxKless)
- Mehrad Rafigh [@​mehrad-rafigh](https://togithub.com/mehrad-rafigh)
- Mike Peters
- Miroslav Jonaš [@​meeroslav](https://togithub.com/meeroslav)
- Nicholas Cunningham [@​ndcunningham](https://togithub.com/ndcunningham)
- Patrick P [@​ppfenning92](https://togithub.com/ppfenning92)
- Phillip Barta [@​Phillip9587](https://togithub.com/Phillip9587)
- Robin Csutorás
- Sean Sanker
- Younes Jaaidi
</details>
<details>
<summary>cloudflare/wrangler-action (cloudflare/wrangler-action)</summary>
### [`v3.6.1`](https://togithub.com/cloudflare/wrangler-action/releases/tag/v3.6.1)
[Compare Source](https://togithub.com/cloudflare/wrangler-action/compare/v3.6.0...v3.6.1)
##### Patch Changes
- [#​265](https://togithub.com/cloudflare/wrangler-action/pull/265) [`2d275a8f2d279dc91912c1ff8023af109ef3280c`](https://togithub.com/cloudflare/wrangler-action/commit/2d275a8f2d279dc91912c1ff8023af109ef3280c) Thanks [@​Maximo-Guk](https://togithub.com/Maximo-Guk)! - Reverts [#​235](https://togithub.com/cloudflare/wrangler-action/issues/235) which may have caused the latest version of wrangler to be installed, if no wrangler version was found
</details>
<details>
<summary>megahertz/electron-log (electron-log)</summary>
### [`v5.1.5`](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
[Compare Source](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
</details>
<details>
<summary>evanw/esbuild (esbuild)</summary>
### [`v0.21.4`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0214)
[Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.3...v0.21.4)
- Update support for import assertions and import attributes in node ([#​3778](https://togithub.com/evanw/esbuild/issues/3778))
Import assertions (the `assert` keyword) have been removed from node starting in v22.0.0. So esbuild will now strip them and generate a warning with `--target=node22` or above:
▲ [WARNING] The "assert" keyword is not supported in the configured target environment ("node22") [assert-to-with]
example.mjs:1:40:
1 │ import json from "esbuild/package.json" assert { type: "json" }
│ ~~~~~~
╵ with
Did you mean to use "with" instead of "assert"?
Import attributes (the `with` keyword) have been backported to node 18 starting in v18.20.0. So esbuild will no longer strip them with `--target=node18.N` if `N` is 20 or greater.
- Fix `for await` transform when a label is present
This release fixes a bug where the `for await` transform, which wraps the loop in a `try` statement, previously failed to also move the loop's label into the `try` statement. This bug only affects code that uses both of these features in combination. Here's an example of some affected code:
```js
// Original code
async function test() {
outer: for await (const x of [Promise.resolve([0, 1])]) {
for (const y of x) if (y) break outer
throw 'fail'
}
}
// Old output (with --target=es6)
function test() {
return __async(this, null, function* () {
outer: try {
for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
// New output (with --target=es6)
function test() {
return __async(this, null, function* () {
try {
outer: for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
```
- Do additional constant folding after cross-module enum inlining ([#​3416](https://togithub.com/evanw/esbuild/issues/3416), [#​3425](https://togithub.com/evanw/esbuild/issues/3425))
This release adds a few more cases where esbuild does constant folding after cross-module enum inlining.
```ts
// Original code: enum.ts
export enum Platform {
WINDOWS = 'windows',
MACOS = 'macos',
LINUX = 'linux',
}
// Original code: main.ts
import { Platform } from './enum';
declare const PLATFORM: string;
export function logPlatform() {
if (PLATFORM == Platform.WINDOWS) console.log('Windows');
else if (PLATFORM == Platform.MACOS) console.log('macOS');
else if (PLATFORM == Platform.LINUX) console.log('Linux');
else console.log('Other');
}
// Old output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){"windows"=="macos"?console.log("Windows"):"macos"=="macos"?console.log("macOS"):"linux"=="macos"?console.log("Linux"):console.log("Other")}export{n as logPlatform};
// New output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){console.log("macOS")}export{n as logPlatform};
```
- Pass import attributes to on-resolve plugins ([#​3384](https://togithub.com/evanw/esbuild/issues/3384), [#​3639](https://togithub.com/evanw/esbuild/issues/3639), [#​3646](https://togithub.com/evanw/esbuild/issues/3646))
With this release, on-resolve plugins will now have access to the import attributes on the import via the `with` property of the arguments object. This mirrors the `with` property of the arguments object that's already passed to on-load plugins. In addition, you can now pass `with` to the `resolve()` API call which will then forward that value on to all relevant plugins. Here's an example of a plugin that can now be written:
```js
const examplePlugin = {
name: 'Example plugin',
setup(build) {
build.onResolve({ filter: /.*/ }, args => {
if (args.with.type === 'external')
return { external: true }
})
}
}
require('esbuild').build({
stdin: {
contents: `
import foo from "./foo" with { type: "external" }
foo()
`,
},
bundle: true,
format: 'esm',
write: false,
plugins: [examplePlugin],
}).then(result => {
console.log(result.outputFiles[0].text)
})
```
- Formatting support for the `@position-try` rule ([#​3773](https://togithub.com/evanw/esbuild/issues/3773))
Chrome shipped this new CSS at-rule in version 125 as part of the [CSS anchor positioning API](https://developer.chrome.com/blog/anchor-positioning-api). With this release, esbuild now knows to expect a declaration list inside of the `@position-try` body block and will format it appropriately.
- Always allow internal string import and export aliases ([#​3343](https://togithub.com/evanw/esbuild/issues/3343))
Import and export names can be string literals in ES2022+. Previously esbuild forbid any usage of these aliases when the target was below ES2022. Starting with this release, esbuild will only forbid such usage when the alias would otherwise end up in output as a string literal. String literal aliases that are only used internally in the bundle and are "compiled away" are no longer errors. This makes it possible to use string literal aliases with esbuild's `inject` feature even when the target is earlier than ES2022.
</details>
<details>
<summary>okonet/lint-staged (lint-staged)</summary>
### [`v15.2.5`](https://togithub.com/okonet/lint-staged/blob/HEAD/CHANGELOG.md#1525)
[Compare Source](https://togithub.com/okonet/lint-staged/compare/v15.2.4...v15.2.5)
##### Patch Changes
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`31a1f95`](https://togithub.com/lint-staged/lint-staged/commit/31a1f9548ea8202bc5bd718076711f747396e3ca) Thanks [@​iiroj](https://togithub.com/iiroj)! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.
- [#​1423](https://togithub.com/lint-staged/lint-staged/pull/1423) [`91abea0`](https://togithub.com/lint-staged/lint-staged/commit/91abea0d298154d92113ba34bae4020704e22918) Thanks [@​iiroj](https://togithub.com/iiroj)! - Improve error logging when failing to read or parse a configuration file
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`ee43f15`](https://togithub.com/lint-staged/lint-staged/commit/ee43f154097753dd5448766f792387e60e0ea453) Thanks [@​iiroj](https://togithub.com/iiroj)! - Upgrade micromatch@4.0.7
</details>
<details>
<summary>remy/nodemon (nodemon)</summary>
### [`v3.1.1`](https://togithub.com/remy/nodemon/releases/tag/v3.1.1)
[Compare Source](https://togithub.com/remy/nodemon/compare/v3.1.0...v3.1.1)
##### Bug Fixes
- add types to help with required nodemon usage ([#​2204](https://togithub.com/remy/nodemon/issues/2204)) ([cd27c0b](https://togithub.com/remy/nodemon/commit/cd27c0b50584e078a10338ef0c37282255f3f9ca))
</details>
<details>
<summary>Amanieu/parking_lot (parking_lot)</summary>
### [`v0.12.3`](https://togithub.com/Amanieu/parking_lot/blob/HEAD/CHANGELOG.md#parkinglot-0123-2024-05-24)
[Compare Source](https://togithub.com/Amanieu/parking_lot/compare/0.12.2...0.12.3)
- Export types provided by arc_lock feature ([#​442](https://togithub.com/Amanieu/parking_lot/issues/442))
</details>
<details>
<summary>petyosi/react-virtuoso (react-virtuoso)</summary>
### [`v4.7.11`](https://togithub.com/petyosi/react-virtuoso/releases/tag/v4.7.11)
[Compare Source](https://togithub.com/petyosi/react-virtuoso/compare/v4.7.10...v4.7.11)
##### Bug Fixes
- update initialTopMostItemIndex type in TableVirtuoso interface ([#​1091](https://togithub.com/petyosi/react-virtuoso/issues/1091)) ([9a93e93](https://togithub.com/petyosi/react-virtuoso/commit/9a93e93dcbe5c02ad61dbd87d5e0c27251a583c6))
</details>
<details>
<summary>serde-rs/serde (serde)</summary>
### [`v1.0.203`](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
[Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->
2024-05-27 08:33:12 +03:00
|
|
|
checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"lock_api",
|
|
|
|
"parking_lot_core",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "parking_lot_core"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.9.10"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"libc",
|
2024-09-03 10:42:54 +03:00
|
|
|
"redox_syscall",
|
2023-08-29 13:07:05 +03:00
|
|
|
"smallvec",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "paste"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.0.15"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pem-rfc7468"
|
|
|
|
version = "0.7.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
|
|
|
|
dependencies = [
|
|
|
|
"base64ct",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "percent-encoding"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.3.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pin-project-lite"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.2.14"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pin-utils"
|
|
|
|
version = "0.1.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "pkcs1"
|
|
|
|
version = "0.7.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
|
|
|
|
dependencies = [
|
|
|
|
"der",
|
|
|
|
"pkcs8",
|
|
|
|
"spki",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pkcs8"
|
|
|
|
version = "0.10.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
|
|
|
|
dependencies = [
|
|
|
|
"der",
|
|
|
|
"spki",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pkg-config"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.30"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2023-10-23 06:00:15 +03:00
|
|
|
[[package]]
|
2024-01-31 09:54:33 +03:00
|
|
|
name = "ppv-lite86"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.20"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
|
|
|
|
dependencies = [
|
|
|
|
"zerocopy",
|
|
|
|
]
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
2024-01-31 09:54:33 +03:00
|
|
|
name = "proc-macro2"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "1.0.86"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-01-31 09:54:33 +03:00
|
|
|
"unicode-ident",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "quote"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.37"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "radium"
|
|
|
|
version = "0.7.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rand"
|
|
|
|
version = "0.8.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
|
|
|
|
dependencies = [
|
|
|
|
"libc",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_chacha",
|
|
|
|
"rand_core",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rand_chacha"
|
|
|
|
version = "0.3.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
|
|
|
|
dependencies = [
|
|
|
|
"ppv-lite86",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_core",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rand_core"
|
|
|
|
version = "0.6.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
|
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"getrandom",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
2023-11-10 05:25:28 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rand_distr"
|
|
|
|
version = "0.4.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "32cb0b9bc82b0a0876c2dd994a7e7a2683d3e7390ca40e6886785ef0c7e3ee31"
|
|
|
|
dependencies = [
|
|
|
|
"num-traits",
|
|
|
|
"rand",
|
|
|
|
]
|
|
|
|
|
2023-10-23 06:00:15 +03:00
|
|
|
[[package]]
|
|
|
|
name = "redox_syscall"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.5.3"
|
2024-05-16 12:15:58 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4"
|
2024-05-16 12:15:58 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"bitflags 2.6.0",
|
2024-05-16 12:15:58 +03:00
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "regex"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.10.6"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"aho-corasick",
|
2023-08-29 13:07:05 +03:00
|
|
|
"memchr",
|
2024-06-11 12:07:25 +03:00
|
|
|
"regex-automata 0.4.7",
|
|
|
|
"regex-syntax 0.8.4",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-automata"
|
|
|
|
version = "0.1.10"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
|
|
|
|
dependencies = [
|
|
|
|
"regex-syntax 0.6.29",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-automata"
|
2024-06-11 12:07:25 +03:00
|
|
|
version = "0.4.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-11 12:07:25 +03:00
|
|
|
checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"aho-corasick",
|
2023-08-29 13:07:05 +03:00
|
|
|
"memchr",
|
2024-06-11 12:07:25 +03:00
|
|
|
"regex-syntax 0.8.4",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-syntax"
|
|
|
|
version = "0.6.29"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-syntax"
|
2024-06-11 12:07:25 +03:00
|
|
|
version = "0.8.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-11 12:07:25 +03:00
|
|
|
checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ring"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.17.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cc",
|
2024-04-19 23:14:13 +03:00
|
|
|
"cfg-if",
|
|
|
|
"getrandom",
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
2024-06-24 11:06:20 +03:00
|
|
|
"spin",
|
2023-08-29 13:07:05 +03:00
|
|
|
"untrusted",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rsa"
|
2024-01-02 15:32:47 +03:00
|
|
|
version = "0.9.6"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-01-02 15:32:47 +03:00
|
|
|
checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"const-oid",
|
|
|
|
"digest",
|
|
|
|
"num-bigint-dig",
|
|
|
|
"num-integer",
|
|
|
|
"num-traits",
|
|
|
|
"pkcs1",
|
2023-06-07 09:52:19 +03:00
|
|
|
"pkcs8",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_core",
|
2023-08-29 13:07:05 +03:00
|
|
|
"signature",
|
2023-06-07 09:52:19 +03:00
|
|
|
"spki",
|
2023-08-29 13:07:05 +03:00
|
|
|
"subtle",
|
2023-06-07 09:52:19 +03:00
|
|
|
"zeroize",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "rustc-demangle"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.1.24"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustc-hash"
|
|
|
|
version = "1.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "rustix"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.38.35"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"bitflags 2.6.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
"errno",
|
|
|
|
"libc",
|
|
|
|
"linux-raw-sys",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "rustls"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.23.12"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"ring",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"rustls-pki-types",
|
2023-08-29 13:07:05 +03:00
|
|
|
"rustls-webpki",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"subtle",
|
|
|
|
"zeroize",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustls-pemfile"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "2.1.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "196fe16b00e106300d3e45ecfcb764fa292a535d7326a29a5875c579c7417425"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.22.1",
|
|
|
|
"rustls-pki-types",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustls-pki-types"
|
|
|
|
version = "1.8.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustls-webpki"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.102.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "84678086bd54edf2b415183ed7a94d0efb049f1b646a33e22a36f3794be6ae56"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"ring",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"rustls-pki-types",
|
2023-08-29 13:07:05 +03:00
|
|
|
"untrusted",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rustversion"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.0.17"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ryu"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.0.18"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "same-file"
|
|
|
|
version = "1.0.6"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
|
|
|
|
dependencies = [
|
|
|
|
"winapi-util",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "scoped-tls"
|
|
|
|
version = "1.0.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "scopeguard"
|
|
|
|
version = "1.2.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "semver"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.0.23"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "serde"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.209"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde_derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "serde_derive"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.209"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "serde_json"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.127"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"itoa",
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
"memchr",
|
2023-08-29 13:07:05 +03:00
|
|
|
"ryu",
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "serde_urlencoded"
|
|
|
|
version = "0.7.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
|
|
|
|
dependencies = [
|
|
|
|
"form_urlencoded",
|
|
|
|
"itoa",
|
|
|
|
"ryu",
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "sha1"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.10.6"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"cpufeatures",
|
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sha2"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.10.8"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"cpufeatures",
|
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
2023-10-18 11:06:07 +03:00
|
|
|
[[package]]
|
|
|
|
name = "sha3"
|
|
|
|
version = "0.10.8"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
|
|
|
|
dependencies = [
|
|
|
|
"digest",
|
|
|
|
"keccak",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "sharded-slab"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.1.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"lazy_static",
|
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "shlex"
|
|
|
|
version = "1.3.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "signal-hook-registry"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.4.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "signature"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.2.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"digest",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_core",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "slab"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.4.9"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "smallvec"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.13.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-01-31 09:54:33 +03:00
|
|
|
[[package]]
|
|
|
|
name = "smol_str"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.2.2"
|
2024-01-31 09:54:33 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "dd538fb6910ac1099850255cf94a94df6551fbdd602454387d0adb2d1ca6dead"
|
2024-01-31 09:54:33 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "socket2"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.5.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"libc",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "spin"
|
|
|
|
version = "0.9.8"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
|
|
|
|
dependencies = [
|
|
|
|
"lock_api",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "spki"
|
2024-01-02 15:32:47 +03:00
|
|
|
version = "0.7.3"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-01-02 15:32:47 +03:00
|
|
|
checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"base64ct",
|
|
|
|
"der",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlformat"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.2.4"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "f895e3734318cc55f1fe66258926c9b910c124d47520339efecbb6c59cec7c1f"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"nom",
|
|
|
|
"unicode_categories",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "fcfa89bea9500db4a0d038513d7a060566bfc51d46d1c014847049a45cce85e8"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"sqlx-core",
|
|
|
|
"sqlx-macros",
|
|
|
|
"sqlx-mysql",
|
|
|
|
"sqlx-postgres",
|
|
|
|
"sqlx-sqlite",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-core"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "d06e2f2bd861719b1f3f0c7dbe1d80c30bf59e76cf019f07d9014ed7eefb8e08"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
|
|
|
"byteorder",
|
|
|
|
"bytes",
|
|
|
|
"chrono",
|
|
|
|
"crc",
|
|
|
|
"crossbeam-queue",
|
|
|
|
"either",
|
|
|
|
"event-listener",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-intrusive",
|
|
|
|
"futures-io",
|
|
|
|
"futures-util",
|
2024-09-03 10:42:54 +03:00
|
|
|
"hashbrown",
|
2023-06-07 09:52:19 +03:00
|
|
|
"hashlink",
|
|
|
|
"hex",
|
2023-09-04 10:31:00 +03:00
|
|
|
"indexmap",
|
2023-06-07 09:52:19 +03:00
|
|
|
"log",
|
|
|
|
"memchr",
|
|
|
|
"once_cell",
|
|
|
|
"paste",
|
|
|
|
"percent-encoding",
|
|
|
|
"rustls",
|
|
|
|
"rustls-pemfile",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"sha2",
|
|
|
|
"smallvec",
|
|
|
|
"sqlformat",
|
|
|
|
"thiserror",
|
|
|
|
"tokio",
|
|
|
|
"tokio-stream",
|
|
|
|
"tracing",
|
|
|
|
"url",
|
|
|
|
"webpki-roots",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-macros"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "2f998a9defdbd48ed005a89362bd40dd2117502f15294f61c8d47034107dbbdc"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"sqlx-core",
|
|
|
|
"sqlx-macros-core",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-macros-core"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "3d100558134176a2629d46cec0c8891ba0be8910f7896abfdb75ef4ab6f4e7ce"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"dotenvy",
|
|
|
|
"either",
|
|
|
|
"heck",
|
|
|
|
"hex",
|
|
|
|
"once_cell",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"sha2",
|
|
|
|
"sqlx-core",
|
|
|
|
"sqlx-mysql",
|
|
|
|
"sqlx-postgres",
|
|
|
|
"sqlx-sqlite",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
"tempfile",
|
|
|
|
"tokio",
|
|
|
|
"url",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-mysql"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "936cac0ab331b14cb3921c62156d913e4c15b74fb6ec0f3146bd4ef6e4fb3c12"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.22.1",
|
2024-09-03 10:42:54 +03:00
|
|
|
"bitflags 2.6.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
"byteorder",
|
|
|
|
"bytes",
|
|
|
|
"chrono",
|
|
|
|
"crc",
|
|
|
|
"digest",
|
|
|
|
"dotenvy",
|
|
|
|
"either",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-io",
|
|
|
|
"futures-util",
|
|
|
|
"generic-array",
|
|
|
|
"hex",
|
|
|
|
"hkdf",
|
|
|
|
"hmac",
|
|
|
|
"itoa",
|
|
|
|
"log",
|
|
|
|
"md-5",
|
|
|
|
"memchr",
|
|
|
|
"once_cell",
|
|
|
|
"percent-encoding",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-06-07 09:52:19 +03:00
|
|
|
"rsa",
|
|
|
|
"serde",
|
|
|
|
"sha1",
|
|
|
|
"sha2",
|
|
|
|
"smallvec",
|
|
|
|
"sqlx-core",
|
|
|
|
"stringprep",
|
|
|
|
"thiserror",
|
|
|
|
"tracing",
|
|
|
|
"whoami",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-postgres"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "9734dbce698c67ecf67c442f768a5e90a49b2a4d61a9f1d59f73874bd4cf0710"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.22.1",
|
2024-09-03 10:42:54 +03:00
|
|
|
"bitflags 2.6.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
"byteorder",
|
|
|
|
"chrono",
|
|
|
|
"crc",
|
|
|
|
"dotenvy",
|
|
|
|
"etcetera",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-io",
|
|
|
|
"futures-util",
|
|
|
|
"hex",
|
|
|
|
"hkdf",
|
|
|
|
"hmac",
|
|
|
|
"home",
|
|
|
|
"itoa",
|
|
|
|
"log",
|
|
|
|
"md-5",
|
|
|
|
"memchr",
|
|
|
|
"once_cell",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-06-07 09:52:19 +03:00
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"sha2",
|
|
|
|
"smallvec",
|
|
|
|
"sqlx-core",
|
|
|
|
"stringprep",
|
|
|
|
"thiserror",
|
|
|
|
"tracing",
|
|
|
|
"whoami",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-sqlite"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "a75b419c3c1b1697833dd927bdc4c6545a620bc1bbafabd44e1efbe9afcd337e"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
|
|
|
"chrono",
|
|
|
|
"flume",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-executor",
|
|
|
|
"futures-intrusive",
|
|
|
|
"futures-util",
|
|
|
|
"libsqlite3-sys",
|
|
|
|
"log",
|
|
|
|
"percent-encoding",
|
|
|
|
"serde",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"serde_urlencoded",
|
2023-08-29 13:07:05 +03:00
|
|
|
"sqlx-core",
|
|
|
|
"tracing",
|
|
|
|
"url",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "stringprep"
|
2024-05-28 08:38:11 +03:00
|
|
|
version = "0.1.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-28 08:38:11 +03:00
|
|
|
checksum = "7b4df3d392d81bd458a8a621b8bffbd2302a12ffe288a9d931670948749463b1"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"unicode-bidi",
|
|
|
|
"unicode-normalization",
|
2024-05-28 08:38:11 +03:00
|
|
|
"unicode-properties",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "subtle"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.6.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "syn"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.0.77"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"unicode-ident",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "tap"
|
|
|
|
version = "1.0.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tempfile"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "3.12.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "04cbcdd0c794ebb0d4cf35e88edd2f7d2c4c3e9a5a6dab322839b321c6a87a64"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"cfg-if",
|
2023-09-04 10:31:00 +03:00
|
|
|
"fastrand",
|
2024-09-03 10:42:54 +03:00
|
|
|
"once_cell",
|
2023-06-07 09:52:19 +03:00
|
|
|
"rustix",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-sys 0.59.0",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "thiserror"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.63"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"thiserror-impl",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "thiserror-impl"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.63"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "thread_local"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.1.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"once_cell",
|
|
|
|
]
|
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "tiktoken-rs"
|
|
|
|
version = "0.5.9"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "c314e7ce51440f9e8f5a497394682a57b7c323d0f4d0a6b1b13c429056e0e234"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.21.7",
|
2024-05-16 10:55:10 +03:00
|
|
|
"bstr",
|
|
|
|
"fancy-regex",
|
|
|
|
"lazy_static",
|
|
|
|
"parking_lot",
|
|
|
|
"rustc-hash",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tinyvec"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.8.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"tinyvec_macros",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tinyvec_macros"
|
|
|
|
version = "0.1.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-06-07 09:52:19 +03:00
|
|
|
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tokio"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.40.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"backtrace",
|
2023-06-07 09:52:19 +03:00
|
|
|
"bytes",
|
|
|
|
"libc",
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
"mio 1.0.2",
|
2023-06-07 09:52:19 +03:00
|
|
|
"parking_lot",
|
|
|
|
"pin-project-lite",
|
|
|
|
"signal-hook-registry",
|
2023-09-04 10:31:00 +03:00
|
|
|
"socket2",
|
2023-06-07 09:52:19 +03:00
|
|
|
"tokio-macros",
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tokio-macros"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
version = "2.4.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
2023-06-07 09:52:19 +03:00
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tokio-stream"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.15"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "267ac89e0bec6e691e5813911606935d77c476ff49024f98abcea3e7b15e37af"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"futures-core",
|
|
|
|
"pin-project-lite",
|
|
|
|
"tokio",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tracing"
|
2023-10-23 06:00:15 +03:00
|
|
|
version = "0.1.40"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-23 06:00:15 +03:00
|
|
|
checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"log",
|
|
|
|
"pin-project-lite",
|
|
|
|
"tracing-attributes",
|
|
|
|
"tracing-core",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tracing-attributes"
|
2023-10-23 06:00:15 +03:00
|
|
|
version = "0.1.27"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-23 06:00:15 +03:00
|
|
|
checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tracing-core"
|
2023-10-23 06:00:15 +03:00
|
|
|
version = "0.1.32"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-23 06:00:15 +03:00
|
|
|
checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"valuable",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "tracing-log"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.2.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"log",
|
2024-04-19 23:14:13 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"tracing-core",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "tracing-subscriber"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.18"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"matchers",
|
2024-01-31 09:54:33 +03:00
|
|
|
"nu-ansi-term",
|
2023-08-29 13:07:05 +03:00
|
|
|
"once_cell",
|
|
|
|
"regex",
|
|
|
|
"sharded-slab",
|
|
|
|
"smallvec",
|
|
|
|
"thread_local",
|
|
|
|
"tracing",
|
|
|
|
"tracing-core",
|
|
|
|
"tracing-log",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "typenum"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "1.17.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-bidi"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.15"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-ident"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "1.0.12"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-normalization"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.23"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"tinyvec",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2024-05-28 08:38:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "unicode-properties"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.1.2"
|
2024-05-28 08:38:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "52ea75f83c0137a9b98608359a5f1af8144876eb67bcb1ce837368e906a9f524"
|
2024-05-28 08:38:11 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-segmentation"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.11.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "d4c87d22b6e3f4a18d4d40ef354e97c90fcb14dd91d7dc0aa9d8a1172ebf7202"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode_categories"
|
|
|
|
version = "0.1.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-06-07 09:52:19 +03:00
|
|
|
checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "untrusted"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.9.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "url"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "2.5.2"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"form_urlencoded",
|
|
|
|
"idna",
|
|
|
|
"percent-encoding",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "uuid"
|
chore: bump up all non-major dependencies (#7508)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.609.0` -> `3.614.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.609.0/3.614.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.609.0/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.609.0/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.12.0` -> `^0.13.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.12.0/0.13.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.12.0/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.12.0/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@google-cloud/opentelemetry-cloud-monitoring-exporter](https://togithub.com/GoogleCloudPlatform/opentelemetry-operations-js) | [`^0.18.0` -> `^0.19.0`](https://renovatebot.com/diffs/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.18.0/0.19.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.18.0/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.18.0/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.56` -> `3.0.0-alpha.60`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.56/3.0.0-alpha.60) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.56/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.56/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@nx/vite](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/vite)) | [`19.4.1` -> `19.4.3`](https://renovatebot.com/diffs/npm/@nx%2fvite/19.4.1/19.4.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fvite/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@nx%2fvite/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@nx%2fvite/19.4.1/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fvite/19.4.1/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.45.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.45.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [electron](https://togithub.com/electron/electron) | [`~30.1.0` -> `~30.2.0`](https://renovatebot.com/diffs/npm/electron/30.1.2/30.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/30.1.2/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/30.1.2/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`^0.6.0` -> `^0.7.0`](https://renovatebot.com/diffs/npm/jotai-scope/0.6.0/0.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.400.0` -> `^0.408.0`](https://renovatebot.com/diffs/npm/lucide-react/0.400.0/0.408.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.400.0/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.400.0/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.5` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.5/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.5/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.4` -> `3.0.0-alpha.6` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.4/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.4/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.0` -> `20.15.1` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.0/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.0/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.45.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.45.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-i18next](https://togithub.com/i18next/react-i18next) | [`14.1.2` -> `14.1.3`](https://renovatebot.com/diffs/npm/react-i18next/14.1.2/14.1.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-i18next/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-i18next/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-i18next/14.1.2/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-i18next/14.1.2/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.203` -> `1.0.204` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.203/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.203/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tailwindcss](https://tailwindcss.com) ([source](https://togithub.com/tailwindlabs/tailwindcss)) | [`3.4.4` -> `3.4.5`](https://renovatebot.com/diffs/npm/tailwindcss/3.4.4/3.4.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/tailwindcss/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/tailwindcss/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/tailwindcss/3.4.4/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/tailwindcss/3.4.4/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [uuid](https://togithub.com/uuid-rs/uuid) | `1.9.1` -> `1.10.0` | [![age](https://developer.mend.io/api/mc/badges/age/crate/uuid/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/uuid/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/uuid/1.9.1/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/uuid/1.9.1/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vitest-fetch-mock](https://togithub.com/IanVS/vitest-fetch-mock) | [`^0.2.2` -> `^0.3.0`](https://renovatebot.com/diffs/npm/vitest-fetch-mock/0.2.2/0.3.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vitest-fetch-mock/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vitest-fetch-mock/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vitest-fetch-mock/0.2.2/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest-fetch-mock/0.2.2/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [vitest-mock-extended](https://togithub.com/eratio08/vitest-mock-extended) | [`1.3.1` -> `1.3.2`](https://renovatebot.com/diffs/npm/vitest-mock-extended/1.3.1/1.3.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vitest-mock-extended/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vitest-mock-extended/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vitest-mock-extended/1.3.1/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest-mock-extended/1.3.1/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.614.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36140-2024-07-10)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.613.0...v3.614.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://togithub.com/aws-sdk/client-s3)
### [`v3.613.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36130-2024-07-09)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.609.0...v3.613.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://togithub.com/aws-sdk/client-s3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.13.0`](https://togithub.com/fal-ai/fal-js/compare/4ea43b4cead83ed4f8d9f13d0c8da5c9d3c44c65...cf300e9cc0d65ab999a506f07e3806e239d4d3d9)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/4ea43b4cead83ed4f8d9f13d0c8da5c9d3c44c65...cf300e9cc0d65ab999a506f07e3806e239d4d3d9)
</details>
<details>
<summary>GoogleCloudPlatform/opentelemetry-operations-js (@​google-cloud/opentelemetry-cloud-monitoring-exporter)</summary>
### [`v0.19.0`](https://togithub.com/GoogleCloudPlatform/opentelemetry-operations-js/compare/@google-cloud/opentelemetry-cloud-monitoring-exporter@0.18.0...@google-cloud/opentelemetry-cloud-monitoring-exporter@0.19.0)
[Compare Source](https://togithub.com/GoogleCloudPlatform/opentelemetry-operations-js/compare/@google-cloud/opentelemetry-cloud-monitoring-exporter@0.18.0...@google-cloud/opentelemetry-cloud-monitoring-exporter@0.19.0)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.60`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.59...@napi-rs/cli@3.0.0-alpha.60)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.59...@napi-rs/cli@3.0.0-alpha.60)
### [`v3.0.0-alpha.59`](https://togithub.com/napi-rs/napi-rs/releases/tag/%40napi-rs/cli%403.0.0-alpha.59)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.58...@napi-rs/cli@3.0.0-alpha.59)
##### Bug Fixes
- **cli:** bundle lodash-es in cjs output ([#​2189](https://togithub.com/napi-rs/napi-rs/issues/2189)) ([e860822](https://togithub.com/napi-rs/napi-rs/commit/e8608228b89f74793f4ea264fbbef00025449cad))
- **cli:** worker files format ([#​2186](https://togithub.com/napi-rs/napi-rs/issues/2186)) ([13c1838](https://togithub.com/napi-rs/napi-rs/commit/13c18388f5c57c1fa86a3a43ea9540af27d862c9))
### [`v3.0.0-alpha.58`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.57...@napi-rs/cli@3.0.0-alpha.58)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.57...@napi-rs/cli@3.0.0-alpha.58)
### [`v3.0.0-alpha.57`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.56...@napi-rs/cli@3.0.0-alpha.57)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.56...@napi-rs/cli@3.0.0-alpha.57)
</details>
<details>
<summary>nrwl/nx (@​nx/vite)</summary>
### [`v19.4.3`](https://togithub.com/nrwl/nx/releases/tag/19.4.3)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.4.2...19.4.3)
##### 19.4.3 (2024-07-12)
##### 🚀 Features
- **core:** avoid forking process for nx:noop ([#​26869](https://togithub.com/nrwl/nx/pull/26869))
- **js:** add createNodesV2 for typescript plugin ([#​26788](https://togithub.com/nrwl/nx/pull/26788))
- **nx-dev:** add customers & company pages ([#​26813](https://togithub.com/nrwl/nx/pull/26813))
- **nx-dev:** Add more OSS logos ([#​26922](https://togithub.com/nrwl/nx/pull/26922))
##### 🩹 Fixes
- **core:** load isolated plugins in parallel ([#​26874](https://togithub.com/nrwl/nx/pull/26874))
- **core:** report should work if project graph errors ([#​26858](https://togithub.com/nrwl/nx/pull/26858))
- **misc:** properly set the value of the bitbucket option for ci work… ([#​26890](https://togithub.com/nrwl/nx/pull/26890))
- **misc:** add more ab testing for setting up ci and nx cloud ([#​26907](https://togithub.com/nrwl/nx/pull/26907))
- **vite:** Only attempt to amend test object if one exists ([#​26822](https://togithub.com/nrwl/nx/pull/26822))
- **vue:** bump vue-tsc version to 2.x.x ([#​26867](https://togithub.com/nrwl/nx/pull/26867))
##### ❤️ Thank You
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Jasper McCulloch
- Leosvel Pérez Espinosa [@​leosvelperez](https://togithub.com/leosvelperez)
- Nicholas Cunningham [@​ndcunningham](https://togithub.com/ndcunningham)
### [`v19.4.2`](https://togithub.com/nrwl/nx/releases/tag/19.4.2)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.4.1...19.4.2)
##### 19.4.2 (2024-07-08)
##### 🚀 Features
- **core:** add support for wildcards in dependsOn ([#​19611](https://togithub.com/nrwl/nx/pull/19611))
- **linter:** support `eslint.config.cjs` and `*.cjs` extension with flat config ([#​26637](https://togithub.com/nrwl/nx/pull/26637))
##### 🩹 Fixes
- **core:** ensure better create nodes error messaging ([#​26811](https://togithub.com/nrwl/nx/pull/26811))
- **misc:** adjust nx cloud ab test ([#​26866](https://togithub.com/nrwl/nx/pull/26866))
##### ❤️ Thank You
- Ben Snyder
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Pavlo [@​fxposter](https://togithub.com/fxposter)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v30.2.0`](https://togithub.com/electron/electron/releases/tag/v30.2.0): electron v30.2.0
[Compare Source](https://togithub.com/electron/electron/compare/v30.1.2...v30.2.0)
### Release Notes for v30.2.0
#### Features
- Enabled the Windows Control Overlay API on Linux. [#​42683](https://togithub.com/electron/electron/pull/42683) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42682), [32](https://togithub.com/electron/electron/pull/42681))</span>
- Expose `systemPreferences` to `utilityProcess`. [#​42600](https://togithub.com/electron/electron/pull/42600) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42598), [32](https://togithub.com/electron/electron/pull/42599))</span>
#### Fixes
- Fixed a focus issue when calling `BrowserWindow.setTopBrowserView`. [#​42735](https://togithub.com/electron/electron/pull/42735) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42734), [32](https://togithub.com/electron/electron/pull/42733))</span>
- Fixed an issue where `fetch`-dependent interfaces could be missing in Web Workers with `nodeIntegrationInWorker` enabled. [#​42596](https://togithub.com/electron/electron/pull/42596) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42597), [32](https://togithub.com/electron/electron/pull/42595))</span>
- Fixed an issue where `navigator.mediaDevices.enumerateDevices` could return broken results in some cases after calling `session.setPermissionCheckHandler`. [#​42807](https://togithub.com/electron/electron/pull/42807) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42809), [32](https://togithub.com/electron/electron/pull/42808))</span>
- Fixed an issue where control could fail to return properly after saving a dialog using showOpenDialogSync on Linux. [#​42676](https://togithub.com/electron/electron/pull/42676) <span style="font-size:small;">(Also in [29](https://togithub.com/electron/electron/pull/42679), [31](https://togithub.com/electron/electron/pull/42678), [32](https://togithub.com/electron/electron/pull/42677))</span>
- Fixed an issue where the user-specified default path did not work in some circumstances when using Linux dialogs. [#​42687](https://togithub.com/electron/electron/pull/42687) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42685), [32](https://togithub.com/electron/electron/pull/42680))</span>
- Fixed potentially incorrect exit code in UtilityProcess. [#​42395](https://togithub.com/electron/electron/pull/42395) <span style="font-size:small;">(Also in [29](https://togithub.com/electron/electron/pull/42396), [31](https://togithub.com/electron/electron/pull/42397))</span>
#### Other Changes
- Security: backported fix for CVE-2024-5493. [#​42590](https://togithub.com/electron/electron/pull/42590)
- Security: backported fix for CVE-2024-5831.
- Security: backported fix for CVE-2024-5832. [#​42602](https://togithub.com/electron/electron/pull/42602)
- Security: backported fix for CVE-2024-6100.
- Security: backported fix for CVE-2024-6101.
- Security: backported fix for CVE-2024-6103. [#​42617](https://togithub.com/electron/electron/pull/42617)
- Security: backported fix for CVE-2024-6291.
- Security: backported fix for CVE-2024-6293.
- Security: backported fix for CVE-2024-6290.
- Security: backported fix for CVE-2024-6292.
- Security: backported fix for chromium:346197738. [#​42693](https://togithub.com/electron/electron/pull/42693)
- Updated Node.js to v20.15.0. [#​42613](https://togithub.com/electron/electron/pull/42613)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.0`](https://togithub.com/jotaijs/jotai-scope/compare/v0.6.0...v0.7.0)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.6.0...v0.7.0)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.408.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.408.0): New icons 0.408.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.407.0...0.408.0)
#### New icons 🎨
- `monitor-cog` ([#​2310](https://togithub.com/lucide-icons/lucide/issues/2310)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `church` ([#​2273](https://togithub.com/lucide-icons/lucide/issues/2273)) by [@​jguddas](https://togithub.com/jguddas)
- `delete` ([#​2279](https://togithub.com/lucide-icons/lucide/issues/2279)) by [@​jguddas](https://togithub.com/jguddas)
- `drafting-compass` ([#​2266](https://togithub.com/lucide-icons/lucide/issues/2266)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.407.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.407.0): New icons 0.407.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.406.0...0.407.0)
#### New icons 🎨
- `type-outline` ([#​2206](https://togithub.com/lucide-icons/lucide/issues/2206)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.406.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.406.0): New icons 0.406.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.405.0...0.406.0)
#### New icons 🎨
- `calendar-arrow-down` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `calendar-arrow-up` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `clock-arrow-down` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `clock-arrow-up` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.405.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.405.0): New icons 0.405.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.404.0...0.405.0)
#### New icons 🎨
- `user-pen` ([#​2303](https://togithub.com/lucide-icons/lucide/issues/2303)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `user-round-pen` ([#​2303](https://togithub.com/lucide-icons/lucide/issues/2303)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.404.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.404.0): New icons 0.404.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.403.0...0.404.0)
#### New icons 🎨
- `folder-code` ([#​2276](https://togithub.com/lucide-icons/lucide/issues/2276)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.403.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.403.0): New icons 0.403.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.402.0...0.403.0)
#### New icons 🎨
- `list-check` ([#​2291](https://togithub.com/lucide-icons/lucide/issues/2291)) by [@​guanboo-yang](https://togithub.com/guanboo-yang)
### [`v0.402.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.402.0): New icons 0.402.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.401.0...0.402.0)
#### New icons 🎨
- `wifi-high` ([#​2157](https://togithub.com/lucide-icons/lucide/issues/2157)) by [@​VirtCode](https://togithub.com/VirtCode)
- `wifi-low` ([#​2157](https://togithub.com/lucide-icons/lucide/issues/2157)) by [@​VirtCode](https://togithub.com/VirtCode)
- `wifi-zero` ([#​2157](https://togithub.com/lucide-icons/lucide/issues/2157)) by [@​VirtCode](https://togithub.com/VirtCode)
### [`v0.401.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.401.0): New icons 0.401.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.400.0...0.401.0)
#### New icons 🎨
- `scan-qr-code` ([#​2247](https://togithub.com/lucide-icons/lucide/issues/2247)) by [@​vexkiddy](https://togithub.com/vexkiddy)
#### Modified Icons 🔨
- `book-a` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-audio` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-check` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-copy` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-dashed` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-down` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-headphones` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-heart` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-image` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-key` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-lock` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-marked` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-minus` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-plus` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-text` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-type` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-up-2` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-up` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-user` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-x` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `circle-power` ([#​2285](https://togithub.com/lucide-icons/lucide/issues/2285)) by [@​jguddas](https://togithub.com/jguddas)
- `key-round` ([#​2278](https://togithub.com/lucide-icons/lucide/issues/2278)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon-alert` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon-pause` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon-x` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `signature` ([#​2293](https://togithub.com/lucide-icons/lucide/issues/2293)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-power` ([#​2285](https://togithub.com/lucide-icons/lucide/issues/2285)) by [@​jguddas](https://togithub.com/jguddas)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.15.1`](https://togithub.com/nodejs/node/compare/v20.15.0...v20.15.1)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.0...v20.15.1)
</details>
<details>
<summary>i18next/react-i18next (react-i18next)</summary>
### [`v14.1.3`](https://togithub.com/i18next/react-i18next/blob/HEAD/CHANGELOG.md#1413)
[Compare Source](https://togithub.com/i18next/react-i18next/compare/v14.1.2...v14.1.3)
- create a isObject helper function [1766](https://togithub.com/i18next/react-i18next/pull/1766)
- optimize nodesToString [1765](https://togithub.com/i18next/react-i18next/pull/1765)
- Simplifies hasValidReactChildren [1764](https://togithub.com/i18next/react-i18next/pull/1764)
- create a isString helper to avoid code duplication [1763](https://togithub.com/i18next/react-i18next/pull/1763)
- use arrow functions where possible [1762](https://togithub.com/i18next/react-i18next/pull/1762)
- use the commented out async code [1761](https://togithub.com/i18next/react-i18next/pull/1761)
</details>
<details>
<summary>serde-rs/serde (serde)</summary>
### [`v1.0.204`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.204)
[Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.203...v1.0.204)
- Apply #\[diagnostic::on_unimplemented] attribute on Rust 1.78+ to suggest adding serde derive or enabling a "serde" feature flag in dependencies ([#​2767](https://togithub.com/serde-rs/serde/issues/2767), thanks [@​weiznich](https://togithub.com/weiznich))
</details>
<details>
<summary>hipstersmoothie/storybook-dark-mode (storybook-dark-mode)</summary>
### [`v4.0.2`](https://togithub.com/hipstersmoothie/storybook-dark-mode/blob/HEAD/CHANGELOG.md#v402-Wed-Jun-19-2024)
[Compare Source](https://togithub.com/hipstersmoothie/storybook-dark-mode/compare/v4.0.1...v4.0.2)
##### 🐛 Bug Fix
- Fix for the "Storybook preview hooks can only be called inside decorators and story functions." error [#​279](https://togithub.com/hipstersmoothie/storybook-dark-mode/pull/279) ([@​adam-golab](https://togithub.com/adam-golab))
##### Authors: 1
- Adam Gołąb ([@​adam-golab](https://togithub.com/adam-golab))
***
</details>
<details>
<summary>tailwindlabs/tailwindcss (tailwindcss)</summary>
### [`v3.4.5`](https://togithub.com/tailwindlabs/tailwindcss/compare/v3.4.4...a0dbb3d87664521af8a422df5c179d9572a4698c)
[Compare Source](https://togithub.com/tailwindlabs/tailwindcss/compare/v3.4.4...v3.4.5)
</details>
<details>
<summary>uuid-rs/uuid (uuid)</summary>
### [`v1.10.0`](https://togithub.com/uuid-rs/uuid/releases/tag/1.10.0)
[Compare Source](https://togithub.com/uuid-rs/uuid/compare/1.9.1...1.10.0)
##### Deprecations
This release deprecates and renames the following functions:
- `Builder::from_rfc4122_timestamp` -> `Builder::from_gregorian_timestamp`
- `Builder::from_sorted_rfc4122_timestamp` -> `Builder::from_sorted_gregorian_timestamp`
- `Timestamp::from_rfc4122` -> `Timestamp::from_gregorian`
- `Timestamp::to_rfc4122` -> `Timestamp::to_gregorian`
##### What's Changed
- Use const identifier in uuid macro by [@​Vrajs16](https://togithub.com/Vrajs16) in [https://github.com/uuid-rs/uuid/pull/764](https://togithub.com/uuid-rs/uuid/pull/764)
- Rename most methods referring to RFC4122 by [@​Mikopet](https://togithub.com/Mikopet) / [@​KodrAus](https://togithub.com/KodrAus) in [https://github.com/uuid-rs/uuid/pull/765](https://togithub.com/uuid-rs/uuid/pull/765)
- prepare for 1.10.0 release by [@​KodrAus](https://togithub.com/KodrAus) in [https://github.com/uuid-rs/uuid/pull/766](https://togithub.com/uuid-rs/uuid/pull/766)
##### New Contributors
- [@​Vrajs16](https://togithub.com/Vrajs16) made their first contribution in [https://github.com/uuid-rs/uuid/pull/764](https://togithub.com/uuid-rs/uuid/pull/764)
**Full Changelog**: https://github.com/uuid-rs/uuid/compare/1.9.1...1.10.0
</details>
<details>
<summary>IanVS/vitest-fetch-mock (vitest-fetch-mock)</summary>
### [`v0.3.0`](https://togithub.com/IanVS/vitest-fetch-mock/releases/tag/v0.3.0)
[Compare Source](https://togithub.com/IanVS/vitest-fetch-mock/compare/v0.2.2...v0.3.0)
#### Breaking changes
- Support Vitest 2
- Require Node 18 and above
#### Fixes
- Better TypeScript support
#### PRs:
- Update to vitest 2 by [@​birtles](https://togithub.com/birtles) in [https://github.com/IanVS/vitest-fetch-mock/pull/18](https://togithub.com/IanVS/vitest-fetch-mock/pull/18)
- Update dependencies by [@​IanVS](https://togithub.com/IanVS) in [https://github.com/IanVS/vitest-fetch-mock/pull/20](https://togithub.com/IanVS/vitest-fetch-mock/pull/20)
- Update node versions tested in CI by [@​IanVS](https://togithub.com/IanVS) in [https://github.com/IanVS/vitest-fetch-mock/pull/19](https://togithub.com/IanVS/vitest-fetch-mock/pull/19)
- Fix: move index.d.ts alongside index.js main entry by [@​drwpow](https://togithub.com/drwpow) in [https://github.com/IanVS/vitest-fetch-mock/pull/11](https://togithub.com/IanVS/vitest-fetch-mock/pull/11)
#### New Contributors
- [@​birtles](https://togithub.com/birtles) made their first contribution in [https://github.com/IanVS/vitest-fetch-mock/pull/18](https://togithub.com/IanVS/vitest-fetch-mock/pull/18)
- [@​drwpow](https://togithub.com/drwpow) made their first contribution in [https://github.com/IanVS/vitest-fetch-mock/pull/11](https://togithub.com/IanVS/vitest-fetch-mock/pull/11)
**Full Changelog**: https://github.com/IanVS/vitest-fetch-mock/compare/v0.2.2...v0.3.0
</details>
<details>
<summary>eratio08/vitest-mock-extended (vitest-mock-extended)</summary>
### [`v1.3.2`](https://togithub.com/eratio08/vitest-mock-extended/releases/tag/v1.3.2)
[Compare Source](https://togithub.com/eratio08/vitest-mock-extended/compare/v1.3.1...v1.3.2)
##### Bug Fixes
- Resolve issues with Vitest 2.0 Mock Type changes ([b1d2b89](https://togithub.com/eratio08/vitest-mock-extended/commit/b1d2b893ddce4cb9e3ed3ecc10ed80f3439beed7))
- `vitest-mock-extended` now requires `vitest` `2.0.0`
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM3LjQzMS40IiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
2024-07-16 10:29:08 +03:00
|
|
|
version = "1.10.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7508)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.609.0` -> `3.614.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.609.0/3.614.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.609.0/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.609.0/3.614.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.12.0` -> `^0.13.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.12.0/0.13.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.12.0/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.12.0/0.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@google-cloud/opentelemetry-cloud-monitoring-exporter](https://togithub.com/GoogleCloudPlatform/opentelemetry-operations-js) | [`^0.18.0` -> `^0.19.0`](https://renovatebot.com/diffs/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.18.0/0.19.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.18.0/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@google-cloud%2fopentelemetry-cloud-monitoring-exporter/0.18.0/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.56` -> `3.0.0-alpha.60`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.56/3.0.0-alpha.60) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.56/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.56/3.0.0-alpha.60?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@nx/vite](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/vite)) | [`19.4.1` -> `19.4.3`](https://renovatebot.com/diffs/npm/@nx%2fvite/19.4.1/19.4.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fvite/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@nx%2fvite/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@nx%2fvite/19.4.1/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fvite/19.4.1/19.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.45.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.45.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [electron](https://togithub.com/electron/electron) | [`~30.1.0` -> `~30.2.0`](https://renovatebot.com/diffs/npm/electron/30.1.2/30.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/30.1.2/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/30.1.2/30.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`^0.6.0` -> `^0.7.0`](https://renovatebot.com/diffs/npm/jotai-scope/0.6.0/0.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.400.0` -> `^0.408.0`](https://renovatebot.com/diffs/npm/lucide-react/0.400.0/0.408.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.400.0/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.400.0/0.408.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.5` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.5/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.5/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.4` -> `3.0.0-alpha.6` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.4/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.4/3.0.0-alpha.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.0` -> `20.15.1` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.0/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.0/v20.15.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.45.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.45.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.45.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-i18next](https://togithub.com/i18next/react-i18next) | [`14.1.2` -> `14.1.3`](https://renovatebot.com/diffs/npm/react-i18next/14.1.2/14.1.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-i18next/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-i18next/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-i18next/14.1.2/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-i18next/14.1.2/14.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.203` -> `1.0.204` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.203/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.203/1.0.204?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tailwindcss](https://tailwindcss.com) ([source](https://togithub.com/tailwindlabs/tailwindcss)) | [`3.4.4` -> `3.4.5`](https://renovatebot.com/diffs/npm/tailwindcss/3.4.4/3.4.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/tailwindcss/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/tailwindcss/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/tailwindcss/3.4.4/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/tailwindcss/3.4.4/3.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [uuid](https://togithub.com/uuid-rs/uuid) | `1.9.1` -> `1.10.0` | [![age](https://developer.mend.io/api/mc/badges/age/crate/uuid/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/uuid/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/uuid/1.9.1/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/uuid/1.9.1/1.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vitest-fetch-mock](https://togithub.com/IanVS/vitest-fetch-mock) | [`^0.2.2` -> `^0.3.0`](https://renovatebot.com/diffs/npm/vitest-fetch-mock/0.2.2/0.3.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vitest-fetch-mock/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vitest-fetch-mock/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vitest-fetch-mock/0.2.2/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest-fetch-mock/0.2.2/0.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [vitest-mock-extended](https://togithub.com/eratio08/vitest-mock-extended) | [`1.3.1` -> `1.3.2`](https://renovatebot.com/diffs/npm/vitest-mock-extended/1.3.1/1.3.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vitest-mock-extended/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vitest-mock-extended/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vitest-mock-extended/1.3.1/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest-mock-extended/1.3.1/1.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.614.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36140-2024-07-10)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.613.0...v3.614.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://togithub.com/aws-sdk/client-s3)
### [`v3.613.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36130-2024-07-09)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.609.0...v3.613.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://togithub.com/aws-sdk/client-s3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.13.0`](https://togithub.com/fal-ai/fal-js/compare/4ea43b4cead83ed4f8d9f13d0c8da5c9d3c44c65...cf300e9cc0d65ab999a506f07e3806e239d4d3d9)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/4ea43b4cead83ed4f8d9f13d0c8da5c9d3c44c65...cf300e9cc0d65ab999a506f07e3806e239d4d3d9)
</details>
<details>
<summary>GoogleCloudPlatform/opentelemetry-operations-js (@​google-cloud/opentelemetry-cloud-monitoring-exporter)</summary>
### [`v0.19.0`](https://togithub.com/GoogleCloudPlatform/opentelemetry-operations-js/compare/@google-cloud/opentelemetry-cloud-monitoring-exporter@0.18.0...@google-cloud/opentelemetry-cloud-monitoring-exporter@0.19.0)
[Compare Source](https://togithub.com/GoogleCloudPlatform/opentelemetry-operations-js/compare/@google-cloud/opentelemetry-cloud-monitoring-exporter@0.18.0...@google-cloud/opentelemetry-cloud-monitoring-exporter@0.19.0)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.60`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.59...@napi-rs/cli@3.0.0-alpha.60)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.59...@napi-rs/cli@3.0.0-alpha.60)
### [`v3.0.0-alpha.59`](https://togithub.com/napi-rs/napi-rs/releases/tag/%40napi-rs/cli%403.0.0-alpha.59)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.58...@napi-rs/cli@3.0.0-alpha.59)
##### Bug Fixes
- **cli:** bundle lodash-es in cjs output ([#​2189](https://togithub.com/napi-rs/napi-rs/issues/2189)) ([e860822](https://togithub.com/napi-rs/napi-rs/commit/e8608228b89f74793f4ea264fbbef00025449cad))
- **cli:** worker files format ([#​2186](https://togithub.com/napi-rs/napi-rs/issues/2186)) ([13c1838](https://togithub.com/napi-rs/napi-rs/commit/13c18388f5c57c1fa86a3a43ea9540af27d862c9))
### [`v3.0.0-alpha.58`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.57...@napi-rs/cli@3.0.0-alpha.58)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.57...@napi-rs/cli@3.0.0-alpha.58)
### [`v3.0.0-alpha.57`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.56...@napi-rs/cli@3.0.0-alpha.57)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.56...@napi-rs/cli@3.0.0-alpha.57)
</details>
<details>
<summary>nrwl/nx (@​nx/vite)</summary>
### [`v19.4.3`](https://togithub.com/nrwl/nx/releases/tag/19.4.3)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.4.2...19.4.3)
##### 19.4.3 (2024-07-12)
##### 🚀 Features
- **core:** avoid forking process for nx:noop ([#​26869](https://togithub.com/nrwl/nx/pull/26869))
- **js:** add createNodesV2 for typescript plugin ([#​26788](https://togithub.com/nrwl/nx/pull/26788))
- **nx-dev:** add customers & company pages ([#​26813](https://togithub.com/nrwl/nx/pull/26813))
- **nx-dev:** Add more OSS logos ([#​26922](https://togithub.com/nrwl/nx/pull/26922))
##### 🩹 Fixes
- **core:** load isolated plugins in parallel ([#​26874](https://togithub.com/nrwl/nx/pull/26874))
- **core:** report should work if project graph errors ([#​26858](https://togithub.com/nrwl/nx/pull/26858))
- **misc:** properly set the value of the bitbucket option for ci work… ([#​26890](https://togithub.com/nrwl/nx/pull/26890))
- **misc:** add more ab testing for setting up ci and nx cloud ([#​26907](https://togithub.com/nrwl/nx/pull/26907))
- **vite:** Only attempt to amend test object if one exists ([#​26822](https://togithub.com/nrwl/nx/pull/26822))
- **vue:** bump vue-tsc version to 2.x.x ([#​26867](https://togithub.com/nrwl/nx/pull/26867))
##### ❤️ Thank You
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Jasper McCulloch
- Leosvel Pérez Espinosa [@​leosvelperez](https://togithub.com/leosvelperez)
- Nicholas Cunningham [@​ndcunningham](https://togithub.com/ndcunningham)
### [`v19.4.2`](https://togithub.com/nrwl/nx/releases/tag/19.4.2)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.4.1...19.4.2)
##### 19.4.2 (2024-07-08)
##### 🚀 Features
- **core:** add support for wildcards in dependsOn ([#​19611](https://togithub.com/nrwl/nx/pull/19611))
- **linter:** support `eslint.config.cjs` and `*.cjs` extension with flat config ([#​26637](https://togithub.com/nrwl/nx/pull/26637))
##### 🩹 Fixes
- **core:** ensure better create nodes error messaging ([#​26811](https://togithub.com/nrwl/nx/pull/26811))
- **misc:** adjust nx cloud ab test ([#​26866](https://togithub.com/nrwl/nx/pull/26866))
##### ❤️ Thank You
- Ben Snyder
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Pavlo [@​fxposter](https://togithub.com/fxposter)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v30.2.0`](https://togithub.com/electron/electron/releases/tag/v30.2.0): electron v30.2.0
[Compare Source](https://togithub.com/electron/electron/compare/v30.1.2...v30.2.0)
### Release Notes for v30.2.0
#### Features
- Enabled the Windows Control Overlay API on Linux. [#​42683](https://togithub.com/electron/electron/pull/42683) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42682), [32](https://togithub.com/electron/electron/pull/42681))</span>
- Expose `systemPreferences` to `utilityProcess`. [#​42600](https://togithub.com/electron/electron/pull/42600) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42598), [32](https://togithub.com/electron/electron/pull/42599))</span>
#### Fixes
- Fixed a focus issue when calling `BrowserWindow.setTopBrowserView`. [#​42735](https://togithub.com/electron/electron/pull/42735) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42734), [32](https://togithub.com/electron/electron/pull/42733))</span>
- Fixed an issue where `fetch`-dependent interfaces could be missing in Web Workers with `nodeIntegrationInWorker` enabled. [#​42596](https://togithub.com/electron/electron/pull/42596) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42597), [32](https://togithub.com/electron/electron/pull/42595))</span>
- Fixed an issue where `navigator.mediaDevices.enumerateDevices` could return broken results in some cases after calling `session.setPermissionCheckHandler`. [#​42807](https://togithub.com/electron/electron/pull/42807) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42809), [32](https://togithub.com/electron/electron/pull/42808))</span>
- Fixed an issue where control could fail to return properly after saving a dialog using showOpenDialogSync on Linux. [#​42676](https://togithub.com/electron/electron/pull/42676) <span style="font-size:small;">(Also in [29](https://togithub.com/electron/electron/pull/42679), [31](https://togithub.com/electron/electron/pull/42678), [32](https://togithub.com/electron/electron/pull/42677))</span>
- Fixed an issue where the user-specified default path did not work in some circumstances when using Linux dialogs. [#​42687](https://togithub.com/electron/electron/pull/42687) <span style="font-size:small;">(Also in [31](https://togithub.com/electron/electron/pull/42685), [32](https://togithub.com/electron/electron/pull/42680))</span>
- Fixed potentially incorrect exit code in UtilityProcess. [#​42395](https://togithub.com/electron/electron/pull/42395) <span style="font-size:small;">(Also in [29](https://togithub.com/electron/electron/pull/42396), [31](https://togithub.com/electron/electron/pull/42397))</span>
#### Other Changes
- Security: backported fix for CVE-2024-5493. [#​42590](https://togithub.com/electron/electron/pull/42590)
- Security: backported fix for CVE-2024-5831.
- Security: backported fix for CVE-2024-5832. [#​42602](https://togithub.com/electron/electron/pull/42602)
- Security: backported fix for CVE-2024-6100.
- Security: backported fix for CVE-2024-6101.
- Security: backported fix for CVE-2024-6103. [#​42617](https://togithub.com/electron/electron/pull/42617)
- Security: backported fix for CVE-2024-6291.
- Security: backported fix for CVE-2024-6293.
- Security: backported fix for CVE-2024-6290.
- Security: backported fix for CVE-2024-6292.
- Security: backported fix for chromium:346197738. [#​42693](https://togithub.com/electron/electron/pull/42693)
- Updated Node.js to v20.15.0. [#​42613](https://togithub.com/electron/electron/pull/42613)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.0`](https://togithub.com/jotaijs/jotai-scope/compare/v0.6.0...v0.7.0)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.6.0...v0.7.0)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.408.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.408.0): New icons 0.408.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.407.0...0.408.0)
#### New icons 🎨
- `monitor-cog` ([#​2310](https://togithub.com/lucide-icons/lucide/issues/2310)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `church` ([#​2273](https://togithub.com/lucide-icons/lucide/issues/2273)) by [@​jguddas](https://togithub.com/jguddas)
- `delete` ([#​2279](https://togithub.com/lucide-icons/lucide/issues/2279)) by [@​jguddas](https://togithub.com/jguddas)
- `drafting-compass` ([#​2266](https://togithub.com/lucide-icons/lucide/issues/2266)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.407.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.407.0): New icons 0.407.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.406.0...0.407.0)
#### New icons 🎨
- `type-outline` ([#​2206](https://togithub.com/lucide-icons/lucide/issues/2206)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.406.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.406.0): New icons 0.406.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.405.0...0.406.0)
#### New icons 🎨
- `calendar-arrow-down` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `calendar-arrow-up` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `clock-arrow-down` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `clock-arrow-up` ([#​2307](https://togithub.com/lucide-icons/lucide/issues/2307)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.405.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.405.0): New icons 0.405.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.404.0...0.405.0)
#### New icons 🎨
- `user-pen` ([#​2303](https://togithub.com/lucide-icons/lucide/issues/2303)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `user-round-pen` ([#​2303](https://togithub.com/lucide-icons/lucide/issues/2303)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.404.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.404.0): New icons 0.404.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.403.0...0.404.0)
#### New icons 🎨
- `folder-code` ([#​2276](https://togithub.com/lucide-icons/lucide/issues/2276)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.403.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.403.0): New icons 0.403.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.402.0...0.403.0)
#### New icons 🎨
- `list-check` ([#​2291](https://togithub.com/lucide-icons/lucide/issues/2291)) by [@​guanboo-yang](https://togithub.com/guanboo-yang)
### [`v0.402.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.402.0): New icons 0.402.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.401.0...0.402.0)
#### New icons 🎨
- `wifi-high` ([#​2157](https://togithub.com/lucide-icons/lucide/issues/2157)) by [@​VirtCode](https://togithub.com/VirtCode)
- `wifi-low` ([#​2157](https://togithub.com/lucide-icons/lucide/issues/2157)) by [@​VirtCode](https://togithub.com/VirtCode)
- `wifi-zero` ([#​2157](https://togithub.com/lucide-icons/lucide/issues/2157)) by [@​VirtCode](https://togithub.com/VirtCode)
### [`v0.401.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.401.0): New icons 0.401.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.400.0...0.401.0)
#### New icons 🎨
- `scan-qr-code` ([#​2247](https://togithub.com/lucide-icons/lucide/issues/2247)) by [@​vexkiddy](https://togithub.com/vexkiddy)
#### Modified Icons 🔨
- `book-a` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-audio` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-check` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-copy` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-dashed` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-down` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-headphones` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-heart` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-image` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-key` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-lock` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-marked` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-minus` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-plus` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-text` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-type` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-up-2` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-up` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-user` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book-x` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `book` ([#​2274](https://togithub.com/lucide-icons/lucide/issues/2274)) by [@​jguddas](https://togithub.com/jguddas)
- `circle-power` ([#​2285](https://togithub.com/lucide-icons/lucide/issues/2285)) by [@​jguddas](https://togithub.com/jguddas)
- `key-round` ([#​2278](https://togithub.com/lucide-icons/lucide/issues/2278)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon-alert` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon-pause` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon-x` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `octagon` ([#​2280](https://togithub.com/lucide-icons/lucide/issues/2280)) by [@​jguddas](https://togithub.com/jguddas)
- `signature` ([#​2293](https://togithub.com/lucide-icons/lucide/issues/2293)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-power` ([#​2285](https://togithub.com/lucide-icons/lucide/issues/2285)) by [@​jguddas](https://togithub.com/jguddas)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.15.1`](https://togithub.com/nodejs/node/compare/v20.15.0...v20.15.1)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.0...v20.15.1)
</details>
<details>
<summary>i18next/react-i18next (react-i18next)</summary>
### [`v14.1.3`](https://togithub.com/i18next/react-i18next/blob/HEAD/CHANGELOG.md#1413)
[Compare Source](https://togithub.com/i18next/react-i18next/compare/v14.1.2...v14.1.3)
- create a isObject helper function [1766](https://togithub.com/i18next/react-i18next/pull/1766)
- optimize nodesToString [1765](https://togithub.com/i18next/react-i18next/pull/1765)
- Simplifies hasValidReactChildren [1764](https://togithub.com/i18next/react-i18next/pull/1764)
- create a isString helper to avoid code duplication [1763](https://togithub.com/i18next/react-i18next/pull/1763)
- use arrow functions where possible [1762](https://togithub.com/i18next/react-i18next/pull/1762)
- use the commented out async code [1761](https://togithub.com/i18next/react-i18next/pull/1761)
</details>
<details>
<summary>serde-rs/serde (serde)</summary>
### [`v1.0.204`](https://togithub.com/serde-rs/serde/releases/tag/v1.0.204)
[Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.203...v1.0.204)
- Apply #\[diagnostic::on_unimplemented] attribute on Rust 1.78+ to suggest adding serde derive or enabling a "serde" feature flag in dependencies ([#​2767](https://togithub.com/serde-rs/serde/issues/2767), thanks [@​weiznich](https://togithub.com/weiznich))
</details>
<details>
<summary>hipstersmoothie/storybook-dark-mode (storybook-dark-mode)</summary>
### [`v4.0.2`](https://togithub.com/hipstersmoothie/storybook-dark-mode/blob/HEAD/CHANGELOG.md#v402-Wed-Jun-19-2024)
[Compare Source](https://togithub.com/hipstersmoothie/storybook-dark-mode/compare/v4.0.1...v4.0.2)
##### 🐛 Bug Fix
- Fix for the "Storybook preview hooks can only be called inside decorators and story functions." error [#​279](https://togithub.com/hipstersmoothie/storybook-dark-mode/pull/279) ([@​adam-golab](https://togithub.com/adam-golab))
##### Authors: 1
- Adam Gołąb ([@​adam-golab](https://togithub.com/adam-golab))
***
</details>
<details>
<summary>tailwindlabs/tailwindcss (tailwindcss)</summary>
### [`v3.4.5`](https://togithub.com/tailwindlabs/tailwindcss/compare/v3.4.4...a0dbb3d87664521af8a422df5c179d9572a4698c)
[Compare Source](https://togithub.com/tailwindlabs/tailwindcss/compare/v3.4.4...v3.4.5)
</details>
<details>
<summary>uuid-rs/uuid (uuid)</summary>
### [`v1.10.0`](https://togithub.com/uuid-rs/uuid/releases/tag/1.10.0)
[Compare Source](https://togithub.com/uuid-rs/uuid/compare/1.9.1...1.10.0)
##### Deprecations
This release deprecates and renames the following functions:
- `Builder::from_rfc4122_timestamp` -> `Builder::from_gregorian_timestamp`
- `Builder::from_sorted_rfc4122_timestamp` -> `Builder::from_sorted_gregorian_timestamp`
- `Timestamp::from_rfc4122` -> `Timestamp::from_gregorian`
- `Timestamp::to_rfc4122` -> `Timestamp::to_gregorian`
##### What's Changed
- Use const identifier in uuid macro by [@​Vrajs16](https://togithub.com/Vrajs16) in [https://github.com/uuid-rs/uuid/pull/764](https://togithub.com/uuid-rs/uuid/pull/764)
- Rename most methods referring to RFC4122 by [@​Mikopet](https://togithub.com/Mikopet) / [@​KodrAus](https://togithub.com/KodrAus) in [https://github.com/uuid-rs/uuid/pull/765](https://togithub.com/uuid-rs/uuid/pull/765)
- prepare for 1.10.0 release by [@​KodrAus](https://togithub.com/KodrAus) in [https://github.com/uuid-rs/uuid/pull/766](https://togithub.com/uuid-rs/uuid/pull/766)
##### New Contributors
- [@​Vrajs16](https://togithub.com/Vrajs16) made their first contribution in [https://github.com/uuid-rs/uuid/pull/764](https://togithub.com/uuid-rs/uuid/pull/764)
**Full Changelog**: https://github.com/uuid-rs/uuid/compare/1.9.1...1.10.0
</details>
<details>
<summary>IanVS/vitest-fetch-mock (vitest-fetch-mock)</summary>
### [`v0.3.0`](https://togithub.com/IanVS/vitest-fetch-mock/releases/tag/v0.3.0)
[Compare Source](https://togithub.com/IanVS/vitest-fetch-mock/compare/v0.2.2...v0.3.0)
#### Breaking changes
- Support Vitest 2
- Require Node 18 and above
#### Fixes
- Better TypeScript support
#### PRs:
- Update to vitest 2 by [@​birtles](https://togithub.com/birtles) in [https://github.com/IanVS/vitest-fetch-mock/pull/18](https://togithub.com/IanVS/vitest-fetch-mock/pull/18)
- Update dependencies by [@​IanVS](https://togithub.com/IanVS) in [https://github.com/IanVS/vitest-fetch-mock/pull/20](https://togithub.com/IanVS/vitest-fetch-mock/pull/20)
- Update node versions tested in CI by [@​IanVS](https://togithub.com/IanVS) in [https://github.com/IanVS/vitest-fetch-mock/pull/19](https://togithub.com/IanVS/vitest-fetch-mock/pull/19)
- Fix: move index.d.ts alongside index.js main entry by [@​drwpow](https://togithub.com/drwpow) in [https://github.com/IanVS/vitest-fetch-mock/pull/11](https://togithub.com/IanVS/vitest-fetch-mock/pull/11)
#### New Contributors
- [@​birtles](https://togithub.com/birtles) made their first contribution in [https://github.com/IanVS/vitest-fetch-mock/pull/18](https://togithub.com/IanVS/vitest-fetch-mock/pull/18)
- [@​drwpow](https://togithub.com/drwpow) made their first contribution in [https://github.com/IanVS/vitest-fetch-mock/pull/11](https://togithub.com/IanVS/vitest-fetch-mock/pull/11)
**Full Changelog**: https://github.com/IanVS/vitest-fetch-mock/compare/v0.2.2...v0.3.0
</details>
<details>
<summary>eratio08/vitest-mock-extended (vitest-mock-extended)</summary>
### [`v1.3.2`](https://togithub.com/eratio08/vitest-mock-extended/releases/tag/v1.3.2)
[Compare Source](https://togithub.com/eratio08/vitest-mock-extended/compare/v1.3.1...v1.3.2)
##### Bug Fixes
- Resolve issues with Vitest 2.0 Mock Type changes ([b1d2b89](https://togithub.com/eratio08/vitest-mock-extended/commit/b1d2b893ddce4cb9e3ed3ecc10ed80f3439beed7))
- `vitest-mock-extended` now requires `vitest` `2.0.0`
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM3LjQzMS40IiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
2024-07-16 10:29:08 +03:00
|
|
|
checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"getrandom",
|
|
|
|
"rand",
|
2023-05-10 12:16:48 +03:00
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "valuable"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
|
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "vcpkg"
|
|
|
|
version = "0.2.15"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-06-07 09:52:19 +03:00
|
|
|
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
|
2023-05-17 07:36:51 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "version_check"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.9.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "walkdir"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.5.0"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
|
2023-05-17 07:36:51 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"same-file",
|
|
|
|
"winapi-util",
|
2023-05-17 07:36:51 +03:00
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wasi"
|
|
|
|
version = "0.11.0+wasi-snapshot-preview1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
|
|
|
|
|
2024-04-08 05:46:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wasite"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wasm-bindgen"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.93"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"cfg-if",
|
2024-09-03 10:42:54 +03:00
|
|
|
"once_cell",
|
2023-06-07 09:52:19 +03:00
|
|
|
"wasm-bindgen-macro",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-backend"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.93"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"bumpalo",
|
|
|
|
"log",
|
|
|
|
"once_cell",
|
2023-05-10 12:16:48 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
"wasm-bindgen-shared",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-macro"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.93"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"quote",
|
|
|
|
"wasm-bindgen-macro-support",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-macro-support"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.93"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
|
2023-05-17 07:36:51 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
"wasm-bindgen-backend",
|
|
|
|
"wasm-bindgen-shared",
|
2023-05-17 07:36:51 +03:00
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-shared"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.93"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "webpki-roots"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.26.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "0bd24728e5af82c6c4ec1b66ac4844bdf8156257fccda846ec58b42cd0cdbe6a"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
dependencies = [
|
|
|
|
"rustls-pki-types",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "whoami"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.5.2"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "372d5b87f58ec45c384ba03563b03544dc5fadc3983e434b286913f5b4a9bb6d"
|
2024-04-08 05:46:13 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"redox_syscall",
|
2024-04-08 05:46:13 +03:00
|
|
|
"wasite",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi"
|
|
|
|
version = "0.3.9"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
|
|
|
|
dependencies = [
|
|
|
|
"winapi-i686-pc-windows-gnu",
|
|
|
|
"winapi-x86_64-pc-windows-gnu",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi-i686-pc-windows-gnu"
|
|
|
|
version = "0.4.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi-util"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.1.9"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-sys 0.59.0",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi-x86_64-pc-windows-gnu"
|
|
|
|
version = "0.4.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.58.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "dd04d41d93c4992d421894c18c8b43496aa748dd4c081bac0dc93eb0489272b6"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-core 0.58.0",
|
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2023-10-23 06:00:15 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows-core"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.52.0"
|
2023-10-23 06:00:15 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
|
2023-10-23 06:00:15 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-10-23 06:00:15 +03:00
|
|
|
]
|
|
|
|
|
2024-05-16 12:15:58 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows-core"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.58.0"
|
2024-05-16 12:15:58 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "6ba6d44ec8c2591c134257ce647b7ea6b20335bf6379a27dac5f1641fcf59f99"
|
2024-05-16 12:15:58 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-implement",
|
|
|
|
"windows-interface",
|
2024-05-16 12:15:58 +03:00
|
|
|
"windows-result",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-strings",
|
|
|
|
"windows-targets 0.52.6",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-implement"
|
|
|
|
version = "0.58.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-interface"
|
|
|
|
version = "0.58.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
2024-05-16 12:15:58 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-result"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.0"
|
2024-05-16 12:15:58 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e"
|
2024-05-16 12:15:58 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-strings"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10"
|
|
|
|
dependencies = [
|
|
|
|
"windows-result",
|
|
|
|
"windows-targets 0.52.6",
|
2024-05-16 12:15:58 +03:00
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows-sys"
|
|
|
|
version = "0.48.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
|
|
|
|
dependencies = [
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-targets 0.48.5",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-sys"
|
|
|
|
version = "0.52.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
|
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-sys"
|
|
|
|
version = "0.59.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
|
|
|
|
dependencies = [
|
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-targets"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows_aarch64_gnullvm 0.48.5",
|
|
|
|
"windows_aarch64_msvc 0.48.5",
|
|
|
|
"windows_i686_gnu 0.48.5",
|
|
|
|
"windows_i686_msvc 0.48.5",
|
|
|
|
"windows_x86_64_gnu 0.48.5",
|
|
|
|
"windows_x86_64_gnullvm 0.48.5",
|
|
|
|
"windows_x86_64_msvc 0.48.5",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-targets"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
|
2024-04-19 23:14:13 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows_aarch64_gnullvm 0.52.6",
|
|
|
|
"windows_aarch64_msvc 0.52.6",
|
|
|
|
"windows_i686_gnu 0.52.6",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows_i686_gnullvm",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows_i686_msvc 0.52.6",
|
|
|
|
"windows_x86_64_gnu 0.52.6",
|
|
|
|
"windows_x86_64_gnullvm 0.52.6",
|
|
|
|
"windows_x86_64_msvc 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_gnullvm"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_gnullvm"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_msvc"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_msvc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_gnu"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_gnu"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_gnullvm"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_msvc"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_msvc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnu"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnu"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnullvm"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnullvm"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_msvc"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_msvc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wyz"
|
|
|
|
version = "0.5.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed"
|
|
|
|
dependencies = [
|
|
|
|
"tap",
|
|
|
|
]
|
|
|
|
|
2024-01-31 09:54:33 +03:00
|
|
|
[[package]]
|
|
|
|
name = "y-octo"
|
|
|
|
version = "0.0.1"
|
2024-09-03 10:42:54 +03:00
|
|
|
source = "git+https://github.com/y-crdt/y-octo.git?branch=main#45ac3de62de583ee666d8870435eb8c071d89250"
|
2024-01-31 09:54:33 +03:00
|
|
|
dependencies = [
|
|
|
|
"ahash",
|
|
|
|
"arbitrary",
|
|
|
|
"bitvec",
|
|
|
|
"byteorder",
|
|
|
|
"lasso",
|
|
|
|
"log",
|
|
|
|
"loom",
|
|
|
|
"nanoid",
|
|
|
|
"nom",
|
|
|
|
"ordered-float",
|
|
|
|
"rand",
|
|
|
|
"rand_chacha",
|
|
|
|
"rand_distr",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"smol_str",
|
|
|
|
"thiserror",
|
|
|
|
]
|
|
|
|
|
2023-11-27 10:24:07 +03:00
|
|
|
[[package]]
|
|
|
|
name = "zerocopy"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.7.35"
|
2023-11-27 10:24:07 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
|
2023-11-27 10:24:07 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"byteorder",
|
2023-11-27 10:24:07 +03:00
|
|
|
"zerocopy-derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "zerocopy-derive"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.7.35"
|
2023-11-27 10:24:07 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
|
2023-11-27 10:24:07 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2024-06-11 12:07:25 +03:00
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "zeroize"
|
2024-05-28 08:38:11 +03:00
|
|
|
version = "1.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-28 08:38:11 +03:00
|
|
|
checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
|