2023-05-10 12:16:48 +03:00
|
|
|
# This file is automatically @generated by Cargo.
|
|
|
|
# It is not intended for manual editing.
|
chore: bump up all non-major dependencies (#8954)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://redirect.github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://redirect.github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.701.0` -> `3.703.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.701.0/3.703.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.701.0/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.701.0/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://redirect.github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://redirect.github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.701.0` -> `3.703.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.701.0/3.703.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.701.0/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.701.0/3.703.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@sentry/react](https://redirect.github.com/getsentry/sentry-javascript/tree/master/packages/react) ([source](https://redirect.github.com/getsentry/sentry-javascript)) | [`8.41.0` -> `8.42.0`](https://renovatebot.com/diffs/npm/@sentry%2freact/8.41.0/8.42.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@sentry%2freact/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@sentry%2freact/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@sentry%2freact/8.41.0/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@sentry%2freact/8.41.0/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@sentry/react](https://redirect.github.com/getsentry/sentry-javascript/tree/master/packages/react) ([source](https://redirect.github.com/getsentry/sentry-javascript)) | [`8.41.0` -> `8.42.0`](https://renovatebot.com/diffs/npm/@sentry%2freact/8.41.0/8.42.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@sentry%2freact/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@sentry%2freact/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@sentry%2freact/8.41.0/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@sentry%2freact/8.41.0/8.42.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@storybook/addon-essentials](https://redirect.github.com/storybookjs/storybook/tree/next/code/addons/essentials) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/addons/essentials)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/@storybook%2faddon-essentials/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@storybook%2faddon-essentials/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@storybook%2faddon-essentials/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@storybook%2faddon-essentials/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@storybook%2faddon-essentials/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@storybook/addon-interactions](https://redirect.github.com/storybookjs/storybook/tree/next/code/addons/interactions) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/addons/interactions)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/@storybook%2faddon-interactions/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@storybook%2faddon-interactions/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@storybook%2faddon-interactions/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@storybook%2faddon-interactions/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@storybook%2faddon-interactions/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@storybook/addon-links](https://redirect.github.com/storybookjs/storybook/tree/next/code/addons/links) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/addons/links)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/@storybook%2faddon-links/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@storybook%2faddon-links/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@storybook%2faddon-links/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@storybook%2faddon-links/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@storybook%2faddon-links/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@storybook/addon-mdx-gfm](https://redirect.github.com/storybookjs/storybook/tree/next/code/addons/gfm) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/addons/gfm)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/@storybook%2faddon-mdx-gfm/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@storybook%2faddon-mdx-gfm/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@storybook%2faddon-mdx-gfm/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@storybook%2faddon-mdx-gfm/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@storybook%2faddon-mdx-gfm/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@storybook/react](https://redirect.github.com/storybookjs/storybook/tree/next/code/renderers/react) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/renderers/react)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/@storybook%2freact/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@storybook%2freact/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@storybook%2freact/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@storybook%2freact/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@storybook%2freact/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@storybook/react-vite](https://redirect.github.com/storybookjs/storybook/tree/next/code/frameworks/react-vite) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/frameworks/react-vite)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/@storybook%2freact-vite/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@storybook%2freact-vite/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@storybook%2freact-vite/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@storybook%2freact-vite/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@storybook%2freact-vite/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`20.17.8` -> `20.17.9`](https://renovatebot.com/diffs/npm/@types%2fnode/20.17.8/20.17.9) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/20.17.9?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/20.17.9?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/20.17.8/20.17.9?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/20.17.8/20.17.9?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vitest/coverage-istanbul](https://redirect.github.com/vitest-dev/vitest/tree/main/packages/coverage-istanbul#readme) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul)) | [`2.1.6` -> `2.1.8`](https://renovatebot.com/diffs/npm/@vitest%2fcoverage-istanbul/2.1.6/2.1.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vitest%2fcoverage-istanbul/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vitest%2fcoverage-istanbul/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vitest%2fcoverage-istanbul/2.1.6/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitest%2fcoverage-istanbul/2.1.6/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vitest/ui](https://redirect.github.com/vitest-dev/vitest/tree/main/packages/ui#readme) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/ui)) | [`2.1.6` -> `2.1.8`](https://renovatebot.com/diffs/npm/@vitest%2fui/2.1.6/2.1.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vitest%2fui/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vitest%2fui/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vitest%2fui/2.1.6/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitest%2fui/2.1.6/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dotenv](https://redirect.github.com/motdotla/dotenv) | [`16.4.5` -> `16.4.6`](https://renovatebot.com/diffs/npm/dotenv/16.4.5/16.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dotenv/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dotenv/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dotenv/16.4.5/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dotenv/16.4.5/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dotenv](https://redirect.github.com/motdotla/dotenv) | [`16.4.5` -> `16.4.6`](https://renovatebot.com/diffs/npm/dotenv/16.4.5/16.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dotenv/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dotenv/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dotenv/16.4.5/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dotenv/16.4.5/16.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [graphql-scalars](https://redirect.github.com/Urigo/graphql-scalars) | [`1.23.0` -> `1.24.0`](https://renovatebot.com/diffs/npm/graphql-scalars/1.23.0/1.24.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/graphql-scalars/1.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/graphql-scalars/1.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/graphql-scalars/1.23.0/1.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/graphql-scalars/1.23.0/1.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [html-validate](https://html-validate.org) ([source](https://gitlab.com/html-validate/html-validate)) | [`8.26.0` -> `8.27.0`](https://renovatebot.com/diffs/npm/html-validate/8.26.0/8.27.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/html-validate/8.27.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/html-validate/8.27.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/html-validate/8.26.0/8.27.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/html-validate/8.26.0/8.27.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [marked](https://marked.js.org) ([source](https://redirect.github.com/markedjs/marked)) | [`15.0.2` -> `15.0.3`](https://renovatebot.com/diffs/npm/marked/15.0.2/15.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/marked/15.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/marked/15.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/marked/15.0.2/15.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/marked/15.0.2/15.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [napi](https://redirect.github.com/napi-rs/napi-rs) | `3.0.0-alpha.20` -> `3.0.0-alpha.21` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.20/3.0.0-alpha.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.20/3.0.0-alpha.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://redirect.github.com/napi-rs/napi-rs) | `3.0.0-alpha.19` -> `3.0.0-alpha.20` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.20?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.20?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.19/3.0.0-alpha.20?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.19/3.0.0-alpha.20?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nx](https://nx.dev) ([source](https://redirect.github.com/nrwl/nx/tree/HEAD/packages/nx)) | [`20.1.3` -> `20.1.4`](https://renovatebot.com/diffs/npm/nx/20.1.3/20.1.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/20.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/20.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/20.1.3/20.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/20.1.3/20.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [openai](https://redirect.github.com/openai/openai-node) | [`4.73.1` -> `4.74.0`](https://renovatebot.com/diffs/npm/openai/4.73.1/4.74.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/openai/4.74.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/openai/4.74.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/openai/4.73.1/4.74.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/openai/4.73.1/4.74.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [react-day-picker](https://daypicker.dev) ([source](https://redirect.github.com/gpbl/react-day-picker)) | [`9.4.0` -> `9.4.1`](https://renovatebot.com/diffs/npm/react-day-picker/9.4.0/9.4.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-day-picker/9.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-day-picker/9.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-day-picker/9.4.0/9.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-day-picker/9.4.0/9.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [react-i18next](https://redirect.github.com/i18next/react-i18next) | [`15.1.2` -> `15.1.3`](https://renovatebot.com/diffs/npm/react-i18next/15.1.2/15.1.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-i18next/15.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-i18next/15.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-i18next/15.1.2/15.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-i18next/15.1.2/15.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [react-virtuoso](https://virtuoso.dev/) ([source](https://redirect.github.com/petyosi/react-virtuoso)) | [`4.12.2` -> `4.12.3`](https://renovatebot.com/diffs/npm/react-virtuoso/4.12.2/4.12.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-virtuoso/4.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-virtuoso/4.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-virtuoso/4.12.2/4.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-virtuoso/4.12.2/4.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [storybook](https://redirect.github.com/storybookjs/storybook/tree/next/code/lib/cli) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/lib/cli)) | [`8.4.5` -> `8.4.6`](https://renovatebot.com/diffs/npm/storybook/8.4.5/8.4.6) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook/8.4.5/8.4.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tinybench](https://redirect.github.com/tinylibs/tinybench) | [`3.0.6` -> `3.0.7`](https://renovatebot.com/diffs/npm/tinybench/3.0.6/3.0.7) | [![age](https://developer.mend.io/api/mc/badges/age/npm/tinybench/3.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/tinybench/3.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/tinybench/3.0.6/3.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/tinybench/3.0.6/3.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [typedoc](https://typedoc.org) ([source](https://redirect.github.com/TypeStrong/TypeDoc)) | [`0.27.1` -> `0.27.2`](https://renovatebot.com/diffs/npm/typedoc/0.27.1/0.27.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/typedoc/0.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/typedoc/0.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/typedoc/0.27.1/0.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typedoc/0.27.1/0.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`6.0.1` -> `6.0.2`](https://renovatebot.com/diffs/npm/vite/6.0.1/6.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/6.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/6.0.1/6.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.0.1/6.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | resolutions | patch |
| [vitest](https://redirect.github.com/vitest-dev/vitest) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) | [`2.1.6` -> `2.1.8`](https://renovatebot.com/diffs/npm/vitest/2.1.6/2.1.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vitest/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vitest/2.1.6/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/2.1.6/2.1.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [com.android.tools.build:gradle](https://developer.android.com/studio/build) ([source](https://android.googlesource.com/platform/tools/base)) | `8.7.2` -> `8.7.3` | [![age](https://developer.mend.io/api/mc/badges/age/maven/com.android.tools.build:gradle/8.7.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/com.android.tools.build:gradle/8.7.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/com.android.tools.build:gradle/8.7.2/8.7.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/com.android.tools.build:gradle/8.7.2/8.7.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.703.0`](https://redirect.github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#37030-2024-12-02)
[Compare Source](https://redirect.github.com/aws/aws-sdk-js-v3/compare/v3.701.0...v3.703.0)
##### Features
- **client-s3:** Amazon S3 introduces support for AWS Dedicated Local Zones ([a4b4303](https://redirect.github.com/aws/aws-sdk-js-v3/commit/a4b43038cb15c3f1ff395194e3500b9d9a8c19d8))
</details>
<details>
<summary>getsentry/sentry-javascript (@​sentry/react)</summary>
### [`v8.42.0`](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/8.42.0)
[Compare Source](https://redirect.github.com/getsentry/sentry-javascript/compare/8.41.0...8.42.0)
##### Important Changes
- **feat(react): React Router v7 support (library) ([#​14513](https://redirect.github.com/getsentry/sentry-javascript/pull/14513))**
This release adds support for [React Router v7 (library mode)](https://reactrouter.com/home#react-router-as-a-library).
Check out the docs on how to set up the integration: [Sentry React Router v7 Integration Docs](https://docs.sentry.io/platforms/javascript/guides/react/features/react-router/v7/)
##### Deprecations
- **feat: Warn about source-map generation ([#​14533](https://redirect.github.com/getsentry/sentry-javascript/pull/14533))**
In the next major version of the SDK we will change how source maps are generated when the SDK is added to an application.
Currently, the implementation varies a lot between different SDKs and can be difficult to understand.
Moving forward, our goal is to turn on source maps for every framework, unless we detect that they are explicitly turned off.
Additionally, if we end up enabling source maps, we will emit a log message that we did so.
With this particular release, we are emitting warnings that source map generation will change in the future and we print instructions on how to prepare for the next major.
- **feat(nuxt): Deprecate `tracingOptions` in favor of `vueIntegration` ([#​14530](https://redirect.github.com/getsentry/sentry-javascript/pull/14530))**
Currently it is possible to configure tracing options in two places in the Sentry Nuxt SDK:
- In `Sentry.init()`
- Inside `tracingOptions` in `Sentry.init()`
For tree-shaking purposes and alignment with the Vue SDK, it is now recommended to instead use the newly exported `vueIntegration()` and its `tracingOptions` option to configure tracing options in the Nuxt SDK:
```ts
// sentry.client.config.ts
import * as Sentry from '@​sentry/nuxt';
Sentry.init({
// ...
integrations: [
Sentry.vueIntegration({
tracingOptions: {
trackComponents: true,
},
}),
],
});
```
##### Other Changes
- feat(browser-utils): Update `web-vitals` to v4.2.4 ([#​14439](https://redirect.github.com/getsentry/sentry-javascript/pull/14439))
- feat(nuxt): Expose `vueIntegration` ([#​14526](https://redirect.github.com/getsentry/sentry-javascript/pull/14526))
- fix(feedback): Handle css correctly in screenshot mode ([#​14535](https://redirect.github.com/getsentry/sentry-javascript/pull/14535))
#### Bundle size 📦
| Path | Size |
| ---------------------------------------------------------------- | ----------------- |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) | 23.1 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) - with treeshaking flags | 21.84 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing) | 35.61 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay) | 72.47 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay) - with treeshaking flags | 62.96 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay with Canvas) | 76.79 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay, Feedback) | 89.28 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. Feedback) | 39.86 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. sendFeedback) | 27.72 KB |
| [@​sentry/browser](https://redirect.github.com/sentry/browser) (incl. FeedbackAsync) | 32.53 KB |
| [@​sentry/react](https://redirect.github.com/sentry/react) | 25.8 KB |
| [@​sentry/react](https://redirect.github.com/sentry/react) (incl. Tracing) | 38.49 KB |
| [@​sentry/vue](https://redirect.github.com/sentry/vue) | 27.25 KB |
| [@​sentry/vue](https://redirect.github.com/sentry/vue) (incl. Tracing) | 37.38 KB |
| [@​sentry/svelte](https://redirect.github.com/sentry/svelte) | 23.25 KB |
| CDN Bundle | 24.32 KB |
| CDN Bundle (incl. Tracing) | 37.29 KB |
| CDN Bundle (incl. Tracing, Replay) | 72.15 KB |
| CDN Bundle (incl. Tracing, Replay, Feedback) | 77.49 KB |
| CDN Bundle - uncompressed | 71.45 KB |
| CDN Bundle (incl. Tracing) - uncompressed | 110.76 KB |
| CDN Bundle (incl. Tracing, Replay) - uncompressed | 223.83 KB |
| CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 237.05 KB |
| [@​sentry/nextjs](https://redirect.github.com/sentry/nextjs) (client) | 38.78 KB |
| [@​sentry/sveltekit](https://redirect.github.com/sentry/sveltekit) (client) | 36.14 KB |
| [@​sentry/node](https://redirect.github.com/sentry/node) | 135.08 KB |
| [@​sentry/node](https://redirect.github.com/sentry/node) - without tracing | 97.13 KB |
| [@​sentry/aws-serverless](https://redirect.github.com/sentry/aws-serverless) | 109.43 KB |
</details>
<details>
<summary>storybookjs/storybook (@​storybook/addon-essentials)</summary>
### [`v8.4.6`](https://redirect.github.com/storybookjs/storybook/blob/HEAD/CHANGELOG.md#846)
[Compare Source](https://redirect.github.com/storybookjs/storybook/compare/v8.4.5...v8.4.6)
- Addon Test: Use pathe for better windows support - [#​29676](https://redirect.github.com/storybookjs/storybook/pull/29676), thanks [@​yannbf](https://redirect.github.com/yannbf)!
- Angular: Default to standalone components in Angular v19 - [#​29677](https://redirect.github.com/storybookjs/storybook/pull/29677), thanks [@​ingowagner](https://redirect.github.com/ingowagner)!
- Frameworks: Add Vite 6 support - [#​29710](https://redirect.github.com/storybookjs/storybook/pull/29710), thanks [@​yannbf](https://redirect.github.com/yannbf)!
- Portable stories: Support multiple annotation notations from preview - [#​29733](https://redirect.github.com/storybookjs/storybook/pull/29733), thanks [@​yannbf](https://redirect.github.com/yannbf)!
- React: Upgrade react-docgen-typescript to support Vite 6 - [#​29724](https://redirect.github.com/storybookjs/storybook/pull/29724), thanks [@​yannbf](https://redirect.github.com/yannbf)!
- Svelte: Support `@sveltejs/vite-plugin-svelte` v5 - [#​29731](https://redirect.github.com/storybookjs/storybook/pull/29731), thanks [@​JReinhold](https://redirect.github.com/JReinhold)!
</details>
<details>
<summary>vitest-dev/vitest (@​vitest/coverage-istanbul)</summary>
### [`v2.1.8`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v2.1.8)
[Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v2.1.7...v2.1.8)
##### 🐞 Bug Fixes
- Support Node 21 - by [@​sheremet-va](https://redirect.github.com/sheremet-va) [<samp>(92f7a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/92f7a2ad)
##### [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v2.1.7...v2.1.8)
### [`v2.1.7`](https://redirect.github.com/vitest-dev/vitest/compare/v2.1.6...v2.1.7)
[Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v2.1.6...v2.1.7)
</details>
<details>
<summary>motdotla/dotenv (dotenv)</summary>
### [`v16.4.6`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1646-2024-12-02)
[Compare Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.5...v16.4.6)
##### Changed
- Clean up stale dev dependencies [#​847](https://redirect.github.com/motdotla/dotenv/pull/847)
- Various README updates clarifying usage and alternative solutions using [dotenvx](https://redirect.github.com/dotenvx/dotenvx)
</details>
<details>
<summary>Urigo/graphql-scalars (graphql-scalars)</summary>
### [`v1.24.0`](https://redirect.github.com/Urigo/graphql-scalars/blob/HEAD/CHANGELOG.md#1240)
[Compare Source](https://redirect.github.com/Urigo/graphql-scalars/compare/v1.23.0...v1.24.0)
##### Minor Changes
- [`e5a3910`](https://redirect.github.com/Urigo/graphql-scalars/commit/e5a39101db92e9c3066d0045a4bf4e040e56c447)
Thanks [@​ifeanyi-ugwu](https://redirect.github.com/ifeanyi-ugwu)! - add GeoJSON scalar
- [`e5a3910`](https://redirect.github.com/Urigo/graphql-scalars/commit/e5a39101db92e9c3066d0045a4bf4e040e56c447)
Thanks [@​ifeanyi-ugwu](https://redirect.github.com/ifeanyi-ugwu)! - Add \`CountryName\` scalar
</details>
<details>
<summary>html-validate/html-validate (html-validate)</summary>
### [`v8.27.0`](https://gitlab.com/html-validate/html-validate/blob/HEAD/CHANGELOG.md#8270-2024-11-30)
[Compare Source](https://gitlab.com/html-validate/html-validate/compare/v8.26.0...v8.27.0)
##### Features
- **api:** deprecate `Config.init()` ([d4b5987](https://gitlab.com/html-validate/html-validate/commit/d4b5987a92da01a2373354373544a3f256996391))
- **config:** lazy load transformers ([d82bc57](https://gitlab.com/html-validate/html-validate/commit/d82bc57d3d86849151d7b4db286b93deab21c4d9)), closes [#​194](https://gitlab.com/html-validate/html-validate/issues/194)
</details>
<details>
<summary>markedjs/marked (marked)</summary>
### [`v15.0.3`](https://redirect.github.com/markedjs/marked/releases/tag/v15.0.3)
[Compare Source](https://redirect.github.com/markedjs/marked/compare/v15.0.2...v15.0.3)
##### Bug Fixes
- update punctuation regex syntax to fix babel mistaken transpile ([#​3547](https://redirect.github.com/markedjs/marked/issues/3547)) ([9b988c4](https://redirect.github.com/markedjs/marked/commit/9b988c47bd01869914ae891b6dd62932b05a6418))
</details>
<details>
<summary>napi-rs/napi-rs (napi)</summary>
### [`v3.0.0-alpha.21`](https://redirect.github.com/napi-rs/napi-rs/releases/tag/napi%403.0.0-alpha.21)
[Compare Source](https://redirect.github.com/napi-rs/napi-rs/compare/napi@3.0.0-alpha.20...napi@3.0.0-alpha.21)
#### What's Changed
- feat(napi): allow us to create nest function from closure by [@​richerfu](https://redirect.github.com/richerfu) in [https://github.com/napi-rs/napi-rs/pull/2360](https://redirect.github.com/napi-rs/napi-rs/pull/2360)
- feat(napi): implement `ValidateNapiValue` for HashMap with any hasher by [@​sapphi-red](https://redirect.github.com/sapphi-red) in [https://github.com/napi-rs/napi-rs/pull/2374](https://redirect.github.com/napi-rs/napi-rs/pull/2374)
- feat(napi): implement `ValidateNapiValue` for HashSet with any hasher by [@​sapphi-red](https://redirect.github.com/sapphi-red) in [https://github.com/napi-rs/napi-rs/pull/2377](https://redirect.github.com/napi-rs/napi-rs/pull/2377)
**Full Changelog**: https://github.com/napi-rs/napi-rs/compare/napi@3.0.0-alpha.20...napi@3.0.0-alpha.21
</details>
<details>
<summary>nrwl/nx (nx)</summary>
### [`v20.1.4`](https://redirect.github.com/nrwl/nx/releases/tag/20.1.4)
[Compare Source](https://redirect.github.com/nrwl/nx/compare/20.1.3...20.1.4)
#### 20.1.4 (2024-11-28)
##### 🚀 Features
- **misc:** replace tutorials with social links in create-nx-workspace ([#​29085](https://redirect.github.com/nrwl/nx/pull/29085))
- **nx-dev:** update top-level navbar ([0f330590b7](https://redirect.github.com/nrwl/nx/commit/0f330590b7))
##### 🩹 Fixes
- **angular:** ngrx-root-store generator check ngModule path ([#​29068](https://redirect.github.com/nrwl/nx/pull/29068))
- **core:** don't generate nxCloudId if running nx connect through nx console ([#​29060](https://redirect.github.com/nrwl/nx/pull/29060))
- **core:** update to the async version of getting powerpack information ([#​29088](https://redirect.github.com/nrwl/nx/pull/29088))
- **misc:** update artifact generator option descriptions and cleanup leftovers ([#​29077](https://redirect.github.com/nrwl/nx/pull/29077))
- **module-federation:** use 'hoisted' runtime for node to prevent issues with eager sharing ([#​29104](https://redirect.github.com/nrwl/nx/pull/29104))
- **nest:** Fix generators (guard, interceptor etc...) path to not duplicate when provided ([#​29084](https://redirect.github.com/nrwl/nx/pull/29084))
- **nest:** update project config to enable artifacts to be built as dev ([#​29110](https://redirect.github.com/nrwl/nx/pull/29110))
- **nextjs:** ensure next apps config is correctly checked when using jest ([#​29066](https://redirect.github.com/nrwl/nx/pull/29066))
- **nextjs:** Add support for next.config.ts for executors ([#​29071](https://redirect.github.com/nrwl/nx/pull/29071))
##### ❤️ Thank You
- Colum Ferry [@​Coly010](https://redirect.github.com/Coly010)
- Jason Jean [@​FrozenPandaz](https://redirect.github.com/FrozenPandaz)
- Juri [@​juristr](https://redirect.github.com/juristr)
- Leosvel Pérez Espinosa [@​leosvelperez](https://redirect.github.com/leosvelperez)
- MaxKless [@​MaxKless](https://redirect.github.com/MaxKless)
- Nicholas Cunningham [@​ndcunningham](https://redirect.github.com/ndcunningham)
</details>
<details>
<summary>openai/openai-node (openai)</summary>
### [`v4.74.0`](https://redirect.github.com/openai/openai-node/blob/HEAD/CHANGELOG.md#4740-2024-12-02)
[Compare Source](https://redirect.github.com/openai/openai-node/compare/v4.73.1...v4.74.0)
Full Changelog: [v4.73.1...v4.74.0](https://redirect.github.com/openai/openai-node/compare/v4.73.1...v4.74.0)
##### Features
- **internal:** make git install file structure match npm ([#​1204](https://redirect.github.com/openai/openai-node/issues/1204)) ([e7c4c6d](https://redirect.github.com/openai/openai-node/commit/e7c4c6d23adbe52300053a8d35db6e341c438703))
</details>
<details>
<summary>gpbl/react-day-picker (react-day-picker)</summary>
### [`v9.4.1`](https://redirect.github.com/gpbl/react-day-picker/releases/tag/v9.4.1)
[Compare Source](https://redirect.github.com/gpbl/react-day-picker/compare/v9.4.0...v9.4.1)
This release improves support for screen readers and fixes a VoiceOver issue when navigating the calendar.
#### What's Changed
- fix(a11y): improve screen reader and VoiceOver support by [@​gpbl](https://redirect.github.com/gpbl) in [https://github.com/gpbl/react-day-picker/pull/2609](https://redirect.github.com/gpbl/react-day-picker/pull/2609)
- feat(a11y): added `role` and `aria-label` props by [@​gpbl](https://redirect.github.com/gpbl) in [https://github.com/gpbl/react-day-picker/pull/2609](https://redirect.github.com/gpbl/react-day-picker/pull/2609)
- chore(style): remove unused CSS variable by [@​gpbl](https://redirect.github.com/gpbl) in [https://github.com/gpbl/react-day-picker/pull/2610](https://redirect.github.com/gpbl/react-day-picker/pull/2610)
- chore: use callbacks for dropdown event handlers by [@​gpbl](https://redirect.github.com/gpbl) in [https://github.com/gpbl/react-day-picker/pull/2602](https://redirect.github.com/gpbl/react-day-picker/pull/2602)
**Full Changelog**: https://github.com/gpbl/react-day-picker/compare/v9.4.0...v9.4.1
</details>
<details>
<summary>i18next/react-i18next (react-i18next)</summary>
### [`v15.1.3`](https://redirect.github.com/i18next/react-i18next/blob/HEAD/CHANGELOG.md#1513)
[Compare Source](https://redirect.github.com/i18next/react-i18next/compare/v15.1.2...v15.1.3)
- fix: Self-closing REACT components in translation strings should not attempt to replace the component's children [1815](https://redirect.github.com/i18next/react-i18next/issues/1815) [1816](https://redirect.github.com/i18next/react-i18next/pull/1816)
</details>
<details>
<summary>petyosi/react-virtuoso (react-virtuoso)</summary>
### [`v4.12.3`](https://redirect.github.com/petyosi/react-virtuoso/releases/tag/v4.12.3)
[Compare Source](https://redirect.github.com/petyosi/react-virtuoso/compare/v4.12.2...v4.12.3)
##### Bug Fixes
- **gridSystem.ts:** call onEndReached when the data is less than cont… ([#​1166](https://redirect.github.com/petyosi/react-virtuoso/issues/1166)) ([7a80ea2](https://redirect.github.com/petyosi/react-virtuoso/commit/7a80ea20b14fde47534a997558e80dceaaa0d30f))
</details>
<details>
<summary>tinylibs/tinybench (tinybench)</summary>
### [`v3.0.7`](https://redirect.github.com/tinylibs/tinybench/releases/tag/v3.0.7)
[Compare Source](https://redirect.github.com/tinylibs/tinybench/compare/v3.0.6...v3.0.7)
##### 🐞 Bug Fixes
- Do not allow task override by name - by [@​jerome-benoit](https://redirect.github.com/jerome-benoit) in [https://github.com/tinylibs/tinybench/issues/197](https://redirect.github.com/tinylibs/tinybench/issues/197) [<samp>(b40fe)</samp>](https://redirect.github.com/tinylibs/tinybench/commit/b40fedb)
##### [View changes on GitHub](https://redirect.github.com/tinylibs/tinybench/compare/v3.0.6...v3.0.7)
</details>
<details>
<summary>TypeStrong/TypeDoc (typedoc)</summary>
### [`v0.27.2`](https://redirect.github.com/TypeStrong/TypeDoc/blob/HEAD/CHANGELOG.md#v0272-2024-11-29)
[Compare Source](https://redirect.github.com/TypeStrong/TypeDoc/compare/v0.27.1...v0.27.2)
##### Bug Fixes
- Fix crash with TypeScript 5.5.x, [#​2789](https://redirect.github.com/TypeStrong/TypeDoc/issues/2789).
</details>
<details>
<summary>vitejs/vite (vite)</summary>
### [`v6.0.2`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small602-2024-12-02-small)
[Compare Source](https://redirect.github.com/vitejs/vite/compare/v6.0.1...v6.0.2)
- chore: run typecheck in unit tests ([#​18858](https://redirect.github.com/vitejs/vite/issues/18858)) ([49f20bb](https://redirect.github.com/vitejs/vite/commit/49f20bb77749ec7b44344fd9c42d593ae20c78f0)), closes [#​18858](https://redirect.github.com/vitejs/vite/issues/18858)
- chore: update broken links in changelog ([#​18802](https://redirect.github.com/vitejs/vite/issues/18802)) ([cb754f8](https://redirect.github.com/vitejs/vite/commit/cb754f8acc1b579dae9fe70a08e3ef53984402cc)), closes [#​18802](https://redirect.github.com/vitejs/vite/issues/18802)
- chore: update broken links in changelog ([#​18804](https://redirect.github.com/vitejs/vite/issues/18804)) ([47ec49f](https://redirect.github.com/vitejs/vite/commit/47ec49ffa170cac5d04cf2eef01f45e0b5ccde03)), closes [#​18804](https://redirect.github.com/vitejs/vite/issues/18804)
- fix: don't store temporary vite config file in `node_modules` if deno ([#​18823](https://redirect.github.com/vitejs/vite/issues/18823)) ([a20267b](https://redirect.github.com/vitejs/vite/commit/a20267bb93118468a2e20f0f77b77ed7bfa94165)), closes [#​18823](https://redirect.github.com/vitejs/vite/issues/18823)
- fix(css): referencing aliased svg asset with lightningcss enabled errored ([#​18819](https://redirect.github.com/vitejs/vite/issues/18819)) ([ae68958](https://redirect.github.com/vitejs/vite/commit/ae6895869157e48b32088f0a1f85d2fddb2d713f)), closes [#​18819](https://redirect.github.com/vitejs/vite/issues/18819)
- fix(manifest): use `style.css` as a key for the style file for `cssCodesplit: false` ([#​18820](https://redirect.github.com/vitejs/vite/issues/18820)) ([ec51115](https://redirect.github.com/vitejs/vite/commit/ec511152558cb573acf55e88e5244bdead1b5a17)), closes [#​18820](https://redirect.github.com/vitejs/vite/issues/18820)
- fix(optimizer): resolve all promises when cancelled ([#​18826](https://redirect.github.com/vitejs/vite/issues/18826)) ([d6e6194](https://redirect.github.com/vitejs/vite/commit/d6e6194706f0e3a889caa9303de2293cc0f131b2)), closes [#​18826](https://redirect.github.com/vitejs/vite/issues/18826)
- fix(resolve): don't set builtinModules to `external` by default ([#​18821](https://redirect.github.com/vitejs/vite/issues/18821)) ([2250ffa](https://redirect.github.com/vitejs/vite/commit/2250ffac62e55c89232d745d2f99ece539be9195)), closes [#​18821](https://redirect.github.com/vitejs/vite/issues/18821)
- fix(ssr): set `ssr.target: 'webworker'` defaults as fallback ([#​18827](https://redirect.github.com/vitejs/vite/issues/18827)) ([b39e696](https://redirect.github.com/vitejs/vite/commit/b39e69638b3e2e658ff6712be83b549b28103c3d)), closes [#​18827](https://redirect.github.com/vitejs/vite/issues/18827)
- feat(css): format lightningcss error ([#​18818](https://redirect.github.com/vitejs/vite/issues/18818)) ([dac7992](https://redirect.github.com/vitejs/vite/commit/dac7992e8725234007c7515f86f543992874c7b8)), closes [#​18818](https://redirect.github.com/vitejs/vite/issues/18818)
- refactor: make properties of ResolvedServerOptions and ResolvedPreviewOptions required ([#​18796](https://redirect.github.com/vitejs/vite/issues/18796)) ([51a5569](https://redirect.github.com/vitejs/vite/commit/51a5569e66bd7f0de79ac14b9e902d1382ccd0aa)), closes [#​18796](https://redirect.github.com/vitejs/vite/issues/18796)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuNDIuNCIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-12-03 09:31:12 +03:00
|
|
|
version = 4
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "addr2line"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.24.2"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"gimli",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2024-09-13 10:11:05 +03:00
|
|
|
name = "adler2"
|
|
|
|
version = "2.0.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-11-18 16:18:16 +03:00
|
|
|
[[package]]
|
|
|
|
name = "affine_common"
|
|
|
|
version = "0.1.0"
|
|
|
|
dependencies = [
|
|
|
|
"chrono",
|
2024-12-13 09:13:05 +03:00
|
|
|
"criterion2",
|
2024-11-18 16:18:16 +03:00
|
|
|
"rand",
|
|
|
|
"rayon",
|
|
|
|
"sha3",
|
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "affine_mobile_native"
|
|
|
|
version = "0.0.0"
|
|
|
|
dependencies = [
|
|
|
|
"affine_common",
|
|
|
|
"uniffi",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-05-10 13:38:23 +03:00
|
|
|
name = "affine_native"
|
2023-05-10 12:16:48 +03:00
|
|
|
version = "0.0.0"
|
|
|
|
dependencies = [
|
2024-11-18 16:18:16 +03:00
|
|
|
"affine_common",
|
2024-12-13 09:13:05 +03:00
|
|
|
"affine_nbstore",
|
|
|
|
"affine_sqlite_v1",
|
|
|
|
"napi",
|
|
|
|
"napi-build",
|
|
|
|
"napi-derive",
|
|
|
|
"once_cell",
|
|
|
|
"sqlx",
|
|
|
|
"tokio",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "affine_nbstore"
|
|
|
|
version = "0.0.0"
|
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"affine_schema",
|
2023-05-10 12:16:48 +03:00
|
|
|
"anyhow",
|
2023-06-07 09:52:19 +03:00
|
|
|
"chrono",
|
2024-12-13 09:13:05 +03:00
|
|
|
"dotenvy",
|
2023-05-10 12:16:48 +03:00
|
|
|
"napi",
|
|
|
|
"napi-build",
|
|
|
|
"napi-derive",
|
2023-06-07 09:52:19 +03:00
|
|
|
"sqlx",
|
2023-05-10 12:16:48 +03:00
|
|
|
"tokio",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "affine_schema"
|
|
|
|
version = "0.0.0"
|
2024-12-13 09:13:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"sqlx",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
2024-04-29 05:14:20 +03:00
|
|
|
name = "affine_server_native"
|
2023-08-29 13:07:05 +03:00
|
|
|
version = "1.0.0"
|
|
|
|
dependencies = [
|
2024-11-18 16:18:16 +03:00
|
|
|
"affine_common",
|
2023-10-18 11:06:07 +03:00
|
|
|
"chrono",
|
2024-04-29 07:46:26 +03:00
|
|
|
"file-format",
|
2024-05-16 10:55:10 +03:00
|
|
|
"mimalloc",
|
2023-08-29 13:07:05 +03:00
|
|
|
"napi",
|
|
|
|
"napi-build",
|
|
|
|
"napi-derive",
|
2023-10-18 11:06:07 +03:00
|
|
|
"rand",
|
2024-11-14 13:22:38 +03:00
|
|
|
"rayon",
|
2023-10-18 11:06:07 +03:00
|
|
|
"sha3",
|
2024-05-16 10:55:10 +03:00
|
|
|
"tiktoken-rs",
|
2023-10-18 11:06:07 +03:00
|
|
|
"tokio",
|
2024-09-10 07:03:58 +03:00
|
|
|
"v_htmlescape",
|
2024-01-31 09:54:33 +03:00
|
|
|
"y-octo",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2024-12-13 09:13:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "affine_sqlite_v1"
|
|
|
|
version = "0.0.0"
|
|
|
|
dependencies = [
|
|
|
|
"affine_schema",
|
|
|
|
"anyhow",
|
|
|
|
"chrono",
|
|
|
|
"dotenvy",
|
|
|
|
"napi",
|
|
|
|
"napi-build",
|
|
|
|
"napi-derive",
|
|
|
|
"sqlx",
|
|
|
|
"tokio",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "ahash"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.8.11"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
2023-09-04 10:31:00 +03:00
|
|
|
"getrandom",
|
2023-06-07 09:52:19 +03:00
|
|
|
"once_cell",
|
|
|
|
"version_check",
|
2023-11-27 10:24:07 +03:00
|
|
|
"zerocopy",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "aho-corasick"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.1.3"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"memchr",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "allocator-api2"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "0.2.21"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "android-tzdata"
|
|
|
|
version = "0.1.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "android_system_properties"
|
|
|
|
version = "0.1.5"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
|
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "anes"
|
|
|
|
version = "0.2.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "735d4f398ca57cfa2880225c2bf81c3b9af3be5bb22e44ae70118dad38713e84"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "anstream"
|
|
|
|
version = "0.6.18"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b"
|
|
|
|
dependencies = [
|
|
|
|
"anstyle",
|
|
|
|
"anstyle-parse",
|
|
|
|
"anstyle-query",
|
|
|
|
"anstyle-wincon",
|
|
|
|
"colorchoice",
|
|
|
|
"is_terminal_polyfill",
|
|
|
|
"utf8parse",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "anstyle"
|
|
|
|
version = "1.0.10"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "anstyle-parse"
|
|
|
|
version = "0.2.6"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9"
|
|
|
|
dependencies = [
|
|
|
|
"utf8parse",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "anstyle-query"
|
|
|
|
version = "1.1.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c"
|
|
|
|
dependencies = [
|
|
|
|
"windows-sys 0.59.0",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "anstyle-wincon"
|
|
|
|
version = "3.0.6"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "2109dbce0e72be3ec00bed26e6a7479ca384ad226efdd66db8fa2e3a38c83125"
|
|
|
|
dependencies = [
|
|
|
|
"anstyle",
|
|
|
|
"windows-sys 0.59.0",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "anyhow"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "1.0.94"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "c1fd03a028ef38ba2276dce7e33fcd6369c158a1bca17946c4b1b701891c1ff7"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "arbitrary"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "1.4.1"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "dde20b3d026af13f561bdd0f15edf01fc734f0dafcedbaf42bba506a9517f223"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"derive_arbitrary",
|
|
|
|
]
|
2023-05-17 07:36:51 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "askama"
|
|
|
|
version = "0.12.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b79091df18a97caea757e28cd2d5fda49c6cd4bd01ddffd7ff01ace0c0ad2c28"
|
|
|
|
dependencies = [
|
|
|
|
"askama_derive",
|
|
|
|
"askama_escape",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "askama_derive"
|
|
|
|
version = "0.12.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "19fe8d6cb13c4714962c072ea496f3392015f0989b1a2847bb4b2d9effd71d83"
|
|
|
|
dependencies = [
|
|
|
|
"askama_parser",
|
|
|
|
"basic-toml",
|
|
|
|
"mime",
|
|
|
|
"mime_guess",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"serde",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "askama_escape"
|
|
|
|
version = "0.10.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "619743e34b5ba4e9703bba34deac3427c72507c7159f5fd030aea8cac0cfe341"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "askama_parser"
|
|
|
|
version = "0.2.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "acb1161c6b64d1c3d83108213c2a2533a342ac225aabd0bda218278c2ddb00c0"
|
|
|
|
dependencies = [
|
|
|
|
"nom",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "atoi"
|
|
|
|
version = "2.0.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "f28d99ec8bfea296261ca1af174f24225171fea9664ba9003cbebee704810528"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"num-traits",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "autocfg"
|
2024-10-07 20:20:37 +03:00
|
|
|
version = "1.4.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-10-07 20:20:37 +03:00
|
|
|
checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "backtrace"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.3.74"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"addr2line",
|
2023-05-10 12:16:48 +03:00
|
|
|
"cfg-if",
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
|
|
|
"miniz_oxide",
|
|
|
|
"object",
|
|
|
|
"rustc-demangle",
|
2024-09-13 10:11:05 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "base64"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.21.7"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "base64"
|
|
|
|
version = "0.22.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "base64ct"
|
|
|
|
version = "1.6.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "basic-toml"
|
|
|
|
version = "0.1.9"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8"
|
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "bincode"
|
|
|
|
version = "1.3.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad"
|
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "bit-set"
|
|
|
|
version = "0.5.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1"
|
|
|
|
dependencies = [
|
|
|
|
"bit-vec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "bit-vec"
|
|
|
|
version = "0.6.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bitflags"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.6.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bitvec"
|
|
|
|
version = "1.0.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"funty",
|
|
|
|
"radium",
|
|
|
|
"tap",
|
|
|
|
"wyz",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "block-buffer"
|
|
|
|
version = "0.10.4"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"generic-array",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "bpaf"
|
|
|
|
version = "0.9.15"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "50fd5174866dc2fa2ddc96e8fb800852d37f064f32a45c7b7c2f8fa2c64c77fa"
|
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "bstr"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "1.11.1"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "786a307d683a5bf92e6fd5fd69a7eb613751668d1d8d67d802846dfe367c62c8"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"memchr",
|
2024-11-28 06:26:09 +03:00
|
|
|
"regex-automata 0.4.9",
|
2024-05-16 10:55:10 +03:00
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "bumpalo"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "3.16.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "byteorder"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "1.5.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "bytes"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "1.9.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "camino"
|
|
|
|
version = "1.1.9"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "8b96ec4966b5813e2c0507c1f86115c8c5abaadc3980879c3424042a02fd1ad3"
|
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "cargo-platform"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.1.9"
|
2024-12-10 06:43:34 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "e35af189006b9c0f00a064685c727031e3ed2d8020f7ba284d78cc2671bd36ea"
|
2024-12-10 06:43:34 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "cargo_metadata"
|
|
|
|
version = "0.15.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "eee4243f1f26fc7a42710e7439c149e2b10b05472f88090acce52632f231a73a"
|
|
|
|
dependencies = [
|
|
|
|
"camino",
|
|
|
|
"cargo-platform",
|
|
|
|
"semver",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"thiserror",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "cast"
|
|
|
|
version = "0.3.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "cc"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "1.2.3"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "27f657647bcff5394bf56c7317665bbf790a137a50eaaa5c6bfbb9e27a518f2d"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
dependencies = [
|
|
|
|
"shlex",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "cfg-if"
|
|
|
|
version = "1.0.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "chrono"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "0.4.39"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"android-tzdata",
|
|
|
|
"iana-time-zone",
|
|
|
|
"js-sys",
|
|
|
|
"num-traits",
|
|
|
|
"wasm-bindgen",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "ciborium"
|
|
|
|
version = "0.2.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e"
|
|
|
|
dependencies = [
|
|
|
|
"ciborium-io",
|
|
|
|
"ciborium-ll",
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ciborium-io"
|
|
|
|
version = "0.2.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ciborium-ll"
|
|
|
|
version = "0.2.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9"
|
|
|
|
dependencies = [
|
|
|
|
"ciborium-io",
|
|
|
|
"half",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "clap"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "4.5.23"
|
2024-12-10 06:43:34 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84"
|
2024-12-10 06:43:34 +03:00
|
|
|
dependencies = [
|
|
|
|
"clap_builder",
|
|
|
|
"clap_derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "clap_builder"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "4.5.23"
|
2024-12-10 06:43:34 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838"
|
2024-12-10 06:43:34 +03:00
|
|
|
dependencies = [
|
|
|
|
"anstream",
|
|
|
|
"anstyle",
|
|
|
|
"clap_lex",
|
|
|
|
"strsim",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "clap_derive"
|
|
|
|
version = "4.5.18"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab"
|
|
|
|
dependencies = [
|
|
|
|
"heck",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "clap_lex"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.7.4"
|
2024-12-10 06:43:34 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
|
2024-12-10 06:43:34 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "colorchoice"
|
|
|
|
version = "1.0.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "concurrent-queue"
|
|
|
|
version = "2.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
|
|
|
|
dependencies = [
|
|
|
|
"crossbeam-utils",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "const-oid"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.9.6"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "convert_case"
|
|
|
|
version = "0.6.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "ec182b0ca2f35d8fc196cf3404988fd8b8c739a4d270ff118a398feb0cbec1ca"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"unicode-segmentation",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "core-foundation-sys"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.8.7"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "cpufeatures"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.2.16"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crc"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "3.2.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"crc-catalog",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crc-catalog"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.4.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "criterion2"
|
|
|
|
version = "2.0.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "09db22066fd79bd628faf416dac96e44054deb00531601bcc20c6d12506b3701"
|
|
|
|
dependencies = [
|
|
|
|
"anes",
|
|
|
|
"bpaf",
|
|
|
|
"cast",
|
|
|
|
"ciborium",
|
|
|
|
"num-traits",
|
|
|
|
"oorandom",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"walkdir",
|
|
|
|
]
|
|
|
|
|
2024-11-14 13:22:38 +03:00
|
|
|
[[package]]
|
|
|
|
name = "crossbeam-deque"
|
|
|
|
version = "0.8.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d"
|
|
|
|
dependencies = [
|
|
|
|
"crossbeam-epoch",
|
|
|
|
"crossbeam-utils",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "crossbeam-epoch"
|
|
|
|
version = "0.9.18"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
|
|
|
|
dependencies = [
|
|
|
|
"crossbeam-utils",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crossbeam-queue"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.3.11"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"crossbeam-utils",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crossbeam-utils"
|
2024-05-21 08:08:34 +03:00
|
|
|
version = "0.8.20"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-21 08:08:34 +03:00
|
|
|
checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "crunchy"
|
|
|
|
version = "0.2.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "crypto-common"
|
|
|
|
version = "0.1.6"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"generic-array",
|
|
|
|
"typenum",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "ctor"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.2.9"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "32a2785755761f3ddc1492979ce1e48d2c00d09311c39e4466429188f3dd6501"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "dashmap"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "6.1.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"cfg-if",
|
2024-09-03 10:42:54 +03:00
|
|
|
"crossbeam-utils",
|
2024-11-09 06:39:11 +03:00
|
|
|
"hashbrown 0.14.5",
|
2023-08-29 13:07:05 +03:00
|
|
|
"lock_api",
|
|
|
|
"once_cell",
|
|
|
|
"parking_lot_core",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "der"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.7.9"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"const-oid",
|
|
|
|
"pem-rfc7468",
|
|
|
|
"zeroize",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "derive_arbitrary"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "1.4.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "30542c1ad912e0e3d22a1935c290e12e8a29d704a420177a31faad4a601a0800"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "digest"
|
|
|
|
version = "0.10.7"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
|
|
|
|
dependencies = [
|
|
|
|
"block-buffer",
|
|
|
|
"const-oid",
|
|
|
|
"crypto-common",
|
|
|
|
"subtle",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "displaydoc"
|
|
|
|
version = "0.2.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "dotenvy"
|
|
|
|
version = "0.15.7"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "either"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.13.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"serde",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "equivalent"
|
|
|
|
version = "1.0.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "errno"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "0.3.10"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
2024-12-03 19:24:21 +03:00
|
|
|
"windows-sys 0.59.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "etcetera"
|
|
|
|
version = "0.8.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "136d1b5283a1ab77bd9257427ffd09d8667ced0570b6f938942bc7568ed5b943"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"cfg-if",
|
|
|
|
"home",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.48.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "event-listener"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "5.3.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "6032be9bd27023a771701cc49f9f053c751055f71efb2e0ae5c15809093675ba"
|
|
|
|
dependencies = [
|
|
|
|
"concurrent-queue",
|
|
|
|
"parking",
|
|
|
|
"pin-project-lite",
|
|
|
|
]
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "fancy-regex"
|
2024-10-29 10:31:23 +03:00
|
|
|
version = "0.13.0"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-10-29 10:31:23 +03:00
|
|
|
checksum = "531e46835a22af56d1e3b66f04844bed63158bc094a628bec1d321d9b4c44bf2"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"bit-set",
|
2024-11-28 06:26:09 +03:00
|
|
|
"regex-automata 0.4.9",
|
2024-11-09 06:39:11 +03:00
|
|
|
"regex-syntax 0.8.5",
|
2024-05-16 10:55:10 +03:00
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "fastrand"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "2.3.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-04-29 07:46:26 +03:00
|
|
|
[[package]]
|
|
|
|
name = "file-format"
|
chore: bump up all non-major dependencies (#8725)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://redirect.github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://redirect.github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.686.0` -> `3.688.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://redirect.github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://redirect.github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.686.0` -> `3.688.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2fexporter-prometheus/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2fexporter-prometheus/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2finstrumentation/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2finstrumentation/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-http/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2finstrumentation-http/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2finstrumentation-http/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-http/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2fsdk-node/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2fsdk-node/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@swc/core](https://swc.rs) ([source](https://redirect.github.com/swc-project/swc)) | [`1.9.1` -> `1.9.2`](https://renovatebot.com/diffs/npm/@swc%2fcore/1.9.1/1.9.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@swc%2fcore/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@swc%2fcore/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@swc%2fcore/1.9.1/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@swc%2fcore/1.9.1/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [cloudflare/wrangler-action](https://redirect.github.com/cloudflare/wrangler-action) | `v3.12.0` -> `v3.12.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/cloudflare%2fwrangler-action/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/cloudflare%2fwrangler-action/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/cloudflare%2fwrangler-action/v3.12.0/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/cloudflare%2fwrangler-action/v3.12.0/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch |
| [electron](https://redirect.github.com/electron/electron) | [`33.1.0` -> `33.2.0`](https://renovatebot.com/diffs/npm/electron/33.1.0/33.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/33.1.0/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/33.1.0/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [electron-log](https://redirect.github.com/megahertz/electron-log) | [`5.2.0` -> `5.2.2`](https://renovatebot.com/diffs/npm/electron-log/5.2.0/5.2.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron-log/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron-log/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron-log/5.2.0/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-log/5.2.0/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [file-format](https://redirect.github.com/mmalecot/file-format) | `0.25` -> `0.26` | [![age](https://developer.mend.io/api/mc/badges/age/crate/file-format/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/file-format/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/file-format/0.25.0/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/file-format/0.25.0/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [html-validate](https://html-validate.org) ([source](https://gitlab.com/html-validate/html-validate)) | [`8.24.2` -> `8.25.0`](https://renovatebot.com/diffs/npm/html-validate/8.24.2/8.25.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/html-validate/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/html-validate/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/html-validate/8.24.2/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/html-validate/8.24.2/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [i18next](https://www.i18next.com) ([source](https://redirect.github.com/i18next/i18next)) | [`23.16.4` -> `23.16.5`](https://renovatebot.com/diffs/npm/i18next/23.16.4/23.16.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/i18next/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/i18next/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/i18next/23.16.4/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/i18next/23.16.4/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [keyv](https://redirect.github.com/jaredwray/keyv) | [`5.1.3` -> `5.2.1`](https://renovatebot.com/diffs/npm/keyv/5.1.3/5.2.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/keyv/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/keyv/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/keyv/5.1.3/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/keyv/5.1.3/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [lucide-react](https://lucide.dev) ([source](https://redirect.github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.454.0` -> `^0.456.0`](https://renovatebot.com/diffs/npm/lucide-react/0.454.0/0.456.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.454.0/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.454.0/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [mixpanel-browser](https://redirect.github.com/mixpanel/mixpanel-js) | [`2.55.1` -> `2.56.0`](https://renovatebot.com/diffs/npm/mixpanel-browser/2.55.1/2.56.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/mixpanel-browser/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/mixpanel-browser/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/mixpanel-browser/2.55.1/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mixpanel-browser/2.55.1/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [msw](https://mswjs.io) ([source](https://redirect.github.com/mswjs/msw)) | [`2.6.1` -> `2.6.4`](https://renovatebot.com/diffs/npm/msw/2.6.1/2.6.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/msw/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/msw/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/msw/2.6.1/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/msw/2.6.1/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [napi-derive](https://redirect.github.com/napi-rs/napi-rs) | `3.0.0-alpha.17` -> `3.0.0-alpha.18` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.17/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.17/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nx](https://nx.dev) ([source](https://redirect.github.com/nrwl/nx/tree/HEAD/packages/nx)) | [`20.0.10` -> `20.0.12`](https://renovatebot.com/diffs/npm/nx/20.0.10/20.0.12) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/20.0.10/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/20.0.10/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [postcss](https://postcss.org/) ([source](https://redirect.github.com/postcss/postcss)) | [`8.4.47` -> `8.4.48`](https://renovatebot.com/diffs/npm/postcss/8.4.47/8.4.48) | [![age](https://developer.mend.io/api/mc/badges/age/npm/postcss/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/postcss/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/postcss/8.4.47/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/postcss/8.4.47/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [react-hook-form](https://www.react-hook-form.com) ([source](https://redirect.github.com/react-hook-form/react-hook-form)) | [`7.53.1` -> `7.53.2`](https://renovatebot.com/diffs/npm/react-hook-form/7.53.1/7.53.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-hook-form/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-hook-form/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-hook-form/7.53.1/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-hook-form/7.53.1/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [react-i18next](https://redirect.github.com/i18next/react-i18next) | [`15.1.0` -> `15.1.1`](https://renovatebot.com/diffs/npm/react-i18next/15.1.0/15.1.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-i18next/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-i18next/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-i18next/15.1.0/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-i18next/15.1.0/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [tokio](https://tokio.rs) ([source](https://redirect.github.com/tokio-rs/tokio)) | `1.41.0` -> `1.41.1` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | patch |
| [tokio](https://tokio.rs) ([source](https://redirect.github.com/tokio-rs/tokio)) | `1.41.0` -> `1.41.1` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [uuid](https://redirect.github.com/uuidjs/uuid) | [`11.0.2` -> `11.0.3`](https://renovatebot.com/diffs/npm/uuid/11.0.2/11.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/uuid/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/uuid/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/uuid/11.0.2/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/uuid/11.0.2/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.10` -> `5.4.11`](https://renovatebot.com/diffs/npm/vite/5.4.10/5.4.11) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.10/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.10/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://redirect.github.com/cloudflare/workers-sdk) ([source](https://redirect.github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.85.0` -> `3.86.0`](https://renovatebot.com/diffs/npm/wrangler/3.85.0/3.86.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.85.0/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.85.0/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.688.0`](https://redirect.github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36880-2024-11-08)
[Compare Source](https://redirect.github.com/aws/aws-sdk-js-v3/compare/v3.687.0...v3.688.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://redirect.github.com/aws-sdk/client-s3)
### [`v3.687.0`](https://redirect.github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36870-2024-11-07)
[Compare Source](https://redirect.github.com/aws/aws-sdk-js-v3/compare/v3.686.0...v3.687.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://redirect.github.com/aws-sdk/client-s3)
</details>
<details>
<summary>open-telemetry/opentelemetry-js (@​opentelemetry/exporter-prometheus)</summary>
### [`v0.54.2`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/6f4f3fcefd8e453f0516ba15fe0c2580442dd06a...72c9af91983e4b7aade98c901bd45c6cefee0da4)
[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/6f4f3fcefd8e453f0516ba15fe0c2580442dd06a...72c9af91983e4b7aade98c901bd45c6cefee0da4)
</details>
<details>
<summary>swc-project/swc (@​swc/core)</summary>
### [`v1.9.2`](https://redirect.github.com/swc-project/swc/blob/HEAD/CHANGELOG.md#192---2024-11-11)
[Compare Source](https://redirect.github.com/swc-project/swc/compare/v1.9.1...v1.9.2)
##### Bug Fixes
- **(es)** Fix typo in feature name ([#​9721](https://redirect.github.com/swc-project/swc/issues/9721)) ([aff9de5](https://redirect.github.com/swc-project/swc/commit/aff9de5ea37d5d34d587b96b8044d08644936524))
##### Features
- **(es/codegen)** Implement proper `inline_script` support ([#​9729](https://redirect.github.com/swc-project/swc/issues/9729)) ([e732a36](https://redirect.github.com/swc-project/swc/commit/e732a36373f0959a0653dc51a863230a9b3d8982))
</details>
<details>
<summary>cloudflare/wrangler-action (cloudflare/wrangler-action)</summary>
### [`v3.12.1`](https://redirect.github.com/cloudflare/wrangler-action/releases/tag/v3.12.1)
[Compare Source](https://redirect.github.com/cloudflare/wrangler-action/compare/v3.12.0...v3.12.1)
##### Patch Changes
- [#​319](https://redirect.github.com/cloudflare/wrangler-action/pull/319) [`59c04629408d58978884fadd18755f1a15f96157`](https://redirect.github.com/cloudflare/wrangler-action/commit/59c04629408d58978884fadd18755f1a15f96157) Thanks [@​Maximo-Guk](https://redirect.github.com/Maximo-Guk)! - Fixes [#​317](https://redirect.github.com/cloudflare/wrangler-action/issues/317): Generate a new output directory with a randomUUID in the tmpDir, so that when the action is executed multiple times, we use the artifacts from that run, opposed to the artifacts from a previous run.
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v33.2.0`](https://redirect.github.com/electron/electron/releases/tag/v33.2.0): electron v33.2.0
[Compare Source](https://redirect.github.com/electron/electron/compare/v33.1.0...v33.2.0)
### Release Notes for v33.2.0
#### Features
- Added GPU accelerated shared texture offscreen rendering. [#​44511](https://redirect.github.com/electron/electron/pull/44511)
#### Other Changes
- Updated Chromium to 130.0.6723.118. [#​44591](https://redirect.github.com/electron/electron/pull/44591)
</details>
<details>
<summary>megahertz/electron-log (electron-log)</summary>
### [`v5.2.2`](https://redirect.github.com/megahertz/electron-log/compare/v5.2.0...v5.2.2)
[Compare Source](https://redirect.github.com/megahertz/electron-log/compare/v5.2.0...v5.2.2)
</details>
<details>
<summary>mmalecot/file-format (file-format)</summary>
### [`v0.26.0`](https://redirect.github.com/mmalecot/file-format/blob/HEAD/CHANGELOG.md#Version-0260-2024-11-07)
[Compare Source](https://redirect.github.com/mmalecot/file-format/compare/v0.25.0...v0.26.0)
#### API
- Add `reader-id3v2` feature
#### Improvements
- Improve Free Lossless Audio Codec (FLAC) detection when it contains ID3v2 metadata
- Improve MPEG-1/2 Audio Layer 3 (MP3) detection
#### New formats support
- ID3v2 (ID3)
</details>
<details>
<summary>html-validate/html-validate (html-validate)</summary>
### [`v8.25.0`](https://gitlab.com/html-validate/html-validate/blob/HEAD/CHANGELOG.md#8250-2024-11-11)
[Compare Source](https://gitlab.com/html-validate/html-validate/compare/v8.24.2...v8.25.0)
##### Features
- **cli:** add `--preset` to set preset when using cli ([2ec038f](https://gitlab.com/html-validate/html-validate/commit/2ec038fea2ec7e03b1cc1b5ede73fac37aa70e7e)), closes [#​269](https://gitlab.com/html-validate/html-validate/issues/269)
##### Bug Fixes
- properly close elements with optional end tag when implicit document element is used ([bbe2a99](https://gitlab.com/html-validate/html-validate/commit/bbe2a994215534214bf3a70a4294c7c8b8279811)), closes [#​268](https://gitlab.com/html-validate/html-validate/issues/268)
- **types:** narrow numeric rule severity to only 0, 1 and 2 ([88cf8a2](https://gitlab.com/html-validate/html-validate/commit/88cf8a2aaac81d86c75804d809b7d15f1632ebb7))
</details>
<details>
<summary>i18next/i18next (i18next)</summary>
### [`v23.16.5`](https://redirect.github.com/i18next/i18next/blob/HEAD/CHANGELOG.md#23165)
[Compare Source](https://redirect.github.com/i18next/i18next/compare/v23.16.4...v23.16.5)
- fix extractFromKey for use cases like [this](https://redirect.github.com/i18next/react-i18next/issues/1810)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.456.0`](https://redirect.github.com/lucide-icons/lucide/releases/tag/0.456.0): Choosing import name style 0.456.0
[Compare Source](https://redirect.github.com/lucide-icons/lucide/compare/0.455.0...0.456.0)
#### What's Changed
- ci(pull-request): Fix generate comments for empty changes by [@​ericfennis](https://redirect.github.com/ericfennis) in [https://github.com/lucide-icons/lucide/pull/2593](https://redirect.github.com/lucide-icons/lucide/pull/2593)
- feat(lucide-react, lucide-preact, lucide-react-native, lucide-solid, lucide-vue-next): Adjustable icon naming imports by [@​ericfennis](https://redirect.github.com/ericfennis) in [https://github.com/lucide-icons/lucide/pull/2328](https://redirect.github.com/lucide-icons/lucide/pull/2328)
- fix(icons): changed `glass-water` icon by [@​jguddas](https://redirect.github.com/jguddas) in [https://github.com/lucide-icons/lucide/pull/2579](https://redirect.github.com/lucide-icons/lucide/pull/2579)
### Adjustable icon naming imports
Customize import name styles for `lucide-react`, `lucide-vue`, `lucide-react-native`, `lucide-preact`, to manage autocompletion in your IDE.
1. **Turn off autocomplete in your IDE**:
Add the following to your `settings.json`
```json
{
"typescript.preferences.autoImportFileExcludePatterns": [
"lucide-react",
"lucide-preact",
"lucide-react-native",
"lucide-vue-next"
]
}
```
2. **Create a custom module declaration file**:
It allows you to choose the import name style.
For React:
```ts
declare module "lucide-react" {
// Prefixed import names
export * from "lucide-react/dist/lucide-react.prefixed";
// or
// Suffixed import names
export * from "lucide-react/dist/lucide-react.suffixed";
}
```
For Vue:
```ts
declare module "lucide-vue-next" {
// Prefixed import names
export * from "lucide-vue-next/dist/lucide-vue-next.prefixed";
// or
// Suffixed import names
export * from "lucide-vue-next/dist/lucide-vue-next.suffixed";
}
```
### [`v0.455.0`](https://redirect.github.com/lucide-icons/lucide/releases/tag/0.455.0): New icons 0.455.0
[Compare Source](https://redirect.github.com/lucide-icons/lucide/compare/0.454.0...0.455.0)
#### New icons 🎨
- `wind-arrow-down` ([#​2554](https://redirect.github.com/lucide-icons/lucide/issues/2554)) by [@​jamiemlaw](https://redirect.github.com/jamiemlaw)
#### Modified Icons 🔨
- `file-music` ([#​2536](https://redirect.github.com/lucide-icons/lucide/issues/2536)) by [@​jguddas](https://redirect.github.com/jguddas)
- `slice` ([#​2500](https://redirect.github.com/lucide-icons/lucide/issues/2500)) by [@​jguddas](https://redirect.github.com/jguddas)
- `undo-dot` ([#​2557](https://redirect.github.com/lucide-icons/lucide/issues/2557)) by [@​jguddas](https://redirect.github.com/jguddas)
- `wind` ([#​2554](https://redirect.github.com/lucide-icons/lucide/issues/2554)) by [@​jamiemlaw](https://redirect.github.com/jamiemlaw)
</details>
<details>
<summary>mixpanel/mixpanel-js (mixpanel-browser)</summary>
### [`v2.56.0`](https://redirect.github.com/mixpanel/mixpanel-js/compare/v2.55.1...v2.56.0)
[Compare Source](https://redirect.github.com/mixpanel/mixpanel-js/compare/v2.55.1...v2.56.0)
</details>
<details>
<summary>mswjs/msw (msw)</summary>
### [`v2.6.4`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.4)
[Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.6.3...v2.6.4)
#### v2.6.4 (2024-11-10)
##### Bug Fixes
- prevent infinite loop when bypassing `sendBeacon()` requests ([#​2353](https://redirect.github.com/mswjs/msw/issues/2353)) ([`2fa98c3`](https://redirect.github.com/mswjs/msw/commit/2fa98c327acc51189f87789d9155c4ec57be2299)) [@​kettanaito](https://redirect.github.com/kettanaito)
- remove the internal bypass request header before performing the request as-is in Node.js ([#​2353](https://redirect.github.com/mswjs/msw/issues/2353)) ([`2fa98c3`](https://redirect.github.com/mswjs/msw/commit/2fa98c327acc51189f87789d9155c4ec57be2299)) [@​kettanaito](https://redirect.github.com/kettanaito)
### [`v2.6.3`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.3)
[Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.6.2...v2.6.3)
#### v2.6.3 (2024-11-10)
##### Bug Fixes
- **handleRequest:** remove `transformResponse` option ([#​2351](https://redirect.github.com/mswjs/msw/issues/2351)) ([`74c4a3a`](https://redirect.github.com/mswjs/msw/commit/74c4a3a89970bbfc498c812790daef13766dea72)) [@​kettanaito](https://redirect.github.com/kettanaito)
### [`v2.6.2`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.2)
[Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.6.1...v2.6.2)
##### v2.6.2 (2024-11-07)
##### Bug Fixes
- update `@bundled-es-modules/cookie` to 2.0.1 ([#​2312](https://redirect.github.com/mswjs/msw/issues/2312)) ([`c134352`](https://redirect.github.com/mswjs/msw/commit/c134352e8206b91740247f4f196767ab8a8eb921)) [@​kettanaito](https://redirect.github.com/kettanaito)
</details>
<details>
<summary>napi-rs/napi-rs (napi-derive)</summary>
### [`v3.0.0-alpha.18`](https://redirect.github.com/napi-rs/napi-rs/releases/tag/napi-derive%403.0.0-alpha.18)
[Compare Source](https://redirect.github.com/napi-rs/napi-rs/compare/napi-derive@3.0.0-alpha.17...napi-derive@3.0.0-alpha.18)
#### What's Changed
- chore(napi-derive): remove unused dependency `regex` from `napi-derive-backend` by [@​Adjective-Object](https://redirect.github.com/Adjective-Object) in [https://github.com/napi-rs/napi-rs/pull/2344](https://redirect.github.com/napi-rs/napi-rs/pull/2344)
#### New Contributors
- [@​Adjective-Object](https://redirect.github.com/Adjective-Object) made their first contribution in [https://github.com/napi-rs/napi-rs/pull/2344](https://redirect.github.com/napi-rs/napi-rs/pull/2344)
**Full Changelog**: https://github.com/napi-rs/napi-rs/compare/napi-derive@3.0.0-alpha.17...napi-derive@3.0.0-alpha.18
</details>
<details>
<summary>nrwl/nx (nx)</summary>
### [`v20.0.12`](https://redirect.github.com/nrwl/nx/releases/tag/20.0.12)
[Compare Source](https://redirect.github.com/nrwl/nx/compare/20.0.11...20.0.12)
##### 20.0.12 (2024-11-08)
##### 🩹 Fixes
- **core:** create different dummy tasks for different targets ([#​28837](https://redirect.github.com/nrwl/nx/pull/28837))
- **core:** do not depend on ci info crate ([#​28850](https://redirect.github.com/nrwl/nx/pull/28850))
##### ❤️ Thank You
- Jason Jean [@​FrozenPandaz](https://redirect.github.com/FrozenPandaz)
### [`v20.0.11`](https://redirect.github.com/nrwl/nx/releases/tag/20.0.11)
[Compare Source](https://redirect.github.com/nrwl/nx/compare/20.0.10...20.0.11)
##### 20.0.11 (2024-11-07)
##### 🚀 Features
- **nx-cloud:** configure import paths for light client when running … ([#​28735](https://redirect.github.com/nrwl/nx/pull/28735))
- **nx-dev:** add video course page ([#​28736](https://redirect.github.com/nrwl/nx/pull/28736))
##### 🩹 Fixes
- **core:** fix cannot read properties of undefined (reading 'split') ([#​28761](https://redirect.github.com/nrwl/nx/pull/28761))
- **core:** task graph needs to handle multiple cycles ([#​28793](https://redirect.github.com/nrwl/nx/pull/28793))
- **core:** empty external deps should work properly ([#​28727](https://redirect.github.com/nrwl/nx/pull/28727))
- **core:** ensure that the database connection is closed when nx exits ([#​28821](https://redirect.github.com/nrwl/nx/pull/28821))
- **graph:** add better pdv empty states when no targets exist ([#​28797](https://redirect.github.com/nrwl/nx/pull/28797))
- **nx-dev:** SEO tags ([#​28823](https://redirect.github.com/nrwl/nx/pull/28823))
- **repo:** update version of actions/github-script in nightly script ([#​28784](https://redirect.github.com/nrwl/nx/pull/28784))
##### ❤️ Thank You
- Craigory Coppola [@​AgentEnder](https://redirect.github.com/AgentEnder)
- Emily Xiong [@​xiongemi](https://redirect.github.com/xiongemi)
- Jonathan Cammisuli
- Juri Strumpflohner [@​juristr](https://redirect.github.com/juristr)
- Louie Weng [@​lourw](https://redirect.github.com/lourw)
- MaxKless [@​MaxKless](https://redirect.github.com/MaxKless)
- Miroslav Jonaš [@​meeroslav](https://redirect.github.com/meeroslav)
</details>
<details>
<summary>postcss/postcss (postcss)</summary>
### [`v8.4.48`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8448)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.47...8.4.48)
- Fixed position calculation in error/warnings methods (by [@​romainmenke](https://redirect.github.com/romainmenke)).
</details>
<details>
<summary>react-hook-form/react-hook-form (react-hook-form)</summary>
### [`v7.53.2`](https://redirect.github.com/react-hook-form/react-hook-form/releases/tag/v7.53.2): Version 7.53.2
[Compare Source](https://redirect.github.com/react-hook-form/react-hook-form/compare/v7.53.1...v7.53.2)
🐞 fix [#​12398](https://redirect.github.com/react-hook-form/react-hook-form/issues/12398) staled disabled issue with resubmit form ([#​12403](https://redirect.github.com/react-hook-form/react-hook-form/issues/12403))
🐞 fix: add type guard to fieldRef.select ([#​12390](https://redirect.github.com/react-hook-form/react-hook-form/issues/12390))
Revert "🏺 watch reference update on formState update ([#​12326](https://redirect.github.com/react-hook-form/react-hook-form/issues/12326))" ([#​12391](https://redirect.github.com/react-hook-form/react-hook-form/issues/12391))
thanks to [@​developer-bandi](https://redirect.github.com/developer-bandi)
</details>
<details>
<summary>i18next/react-i18next (react-i18next)</summary>
### [`v15.1.1`](https://redirect.github.com/i18next/react-i18next/blob/HEAD/CHANGELOG.md#1511)
[Compare Source](https://redirect.github.com/i18next/react-i18next/compare/v15.1.0...v15.1.1)
- fix: Not all namespaces are loaded when passing the lng option to useTranslate [1809](https://redirect.github.com/i18next/next-i18next/issues/1809)
</details>
<details>
<summary>tokio-rs/tokio (tokio)</summary>
### [`v1.41.1`](https://redirect.github.com/tokio-rs/tokio/releases/tag/tokio-1.41.1): Tokio v1.41.1
[Compare Source](https://redirect.github.com/tokio-rs/tokio/compare/tokio-1.41.0...tokio-1.41.1)
### 1.41.1 (Nov 7th, 2024)
##### Fixed
- metrics: fix bug with wrong number of buckets for the histogram ([#​6957])
- net: display `net` requirement for `net::UdpSocket` in docs ([#​6938])
- net: fix typo in `TcpStream` internal comment ([#​6944])
[#​6957]: https://redirect.github.com/tokio-rs/tokio/pull/6957
[#​6938]: https://redirect.github.com/tokio-rs/tokio/pull/6938
[#​6944]: https://redirect.github.com/tokio-rs/tokio/pull/6944
</details>
<details>
<summary>uuidjs/uuid (uuid)</summary>
### [`v11.0.3`](https://redirect.github.com/uuidjs/uuid/blob/HEAD/CHANGELOG.md#1103-2024-11-04)
[Compare Source](https://redirect.github.com/uuidjs/uuid/compare/v11.0.2...v11.0.3)
##### Bug Fixes
- apply stricter typing to the v\* signatures ([#​831](https://redirect.github.com/uuidjs/uuid/issues/831)) ([c2d3fed](https://redirect.github.com/uuidjs/uuid/commit/c2d3fed22cfd47c22c8f22f6154abb5060648ce5))
- export internal uuid types ([#​833](https://redirect.github.com/uuidjs/uuid/issues/833)) ([341edf4](https://redirect.github.com/uuidjs/uuid/commit/341edf444ced63708ba336285dbec29443523939))
- remove sourcemaps ([#​827](https://redirect.github.com/uuidjs/uuid/issues/827)) ([b93ea10](https://redirect.github.com/uuidjs/uuid/commit/b93ea101af7382053032d4fb61cc85599d6c7216))
- revert "simplify type for v3 and v5" ([#​835](https://redirect.github.com/uuidjs/uuid/issues/835)) ([e2dee69](https://redirect.github.com/uuidjs/uuid/commit/e2dee691e95aba854a892d2507d8cd9f009bf61d))
</details>
<details>
<summary>vitejs/vite (vite)</summary>
### [`v5.4.11`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.11)
Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.11/packages/vite/CHANGELOG.md) for details.
</details>
<details>
<summary>cloudflare/workers-sdk (wrangler)</summary>
### [`v3.86.0`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#3860)
[Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/wrangler@3.85.0...wrangler@3.86.0)
##### Minor Changes
- [#​7154](https://redirect.github.com/cloudflare/workers-sdk/pull/7154) [`ef7c0b3`](https://redirect.github.com/cloudflare/workers-sdk/commit/ef7c0b3641925e2deceb7e5323f86b769de54405) Thanks [@​jonesphillip](https://redirect.github.com/jonesphillip)! - Added the ability to enable, disable, and get r2.dev public access URLs for R2 buckets.
##### Patch Changes
- [#​7169](https://redirect.github.com/cloudflare/workers-sdk/pull/7169) [`9098a3b`](https://redirect.github.com/cloudflare/workers-sdk/commit/9098a3b03f82bbfb1fb8c8c531fafbfe26a49e59) Thanks [@​penalosa](https://redirect.github.com/penalosa)! - Ensure `workerd` processes are cleaned up after address-in-use errors
- [#​7172](https://redirect.github.com/cloudflare/workers-sdk/pull/7172) [`3dce388`](https://redirect.github.com/cloudflare/workers-sdk/commit/3dce3881bdaf373aa9b2e52483e340ab8193151c) Thanks [@​penalosa](https://redirect.github.com/penalosa)! - Clarify dev registry messaging around locally connected services. The connection status of local service bindings & durable object bindings is now indicated by `connected` or `not connected` next to their entry in the bindings summary. For more details, refer to https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/#local-development
- [#​7193](https://redirect.github.com/cloudflare/workers-sdk/pull/7193) [`ad51d1d`](https://redirect.github.com/cloudflare/workers-sdk/commit/ad51d1d77483bf0b4dc73fd392f5cdefe4ddf5d8) Thanks [@​sdnts](https://redirect.github.com/sdnts)! - Output suggested wrangler.toml changes after creating an R2 bucket
- [#​7191](https://redirect.github.com/cloudflare/workers-sdk/pull/7191) [`1d5bc6d`](https://redirect.github.com/cloudflare/workers-sdk/commit/1d5bc6d3530e98db117af3f6b16b43ff6c069f94) Thanks [@​sdnts](https://redirect.github.com/sdnts)! - Output suggested wrangler.toml changes after creating a Queue
- Updated dependencies \[[`1db7846`](https://redirect.github.com/cloudflare/workers-sdk/commit/1db7846ec5c356f6b59cddf5f48b16b3e7c73d66), [`08c6580`](https://redirect.github.com/cloudflare/workers-sdk/commit/08c6580494e702373d17ff7485988a8fae9af59e)]:
- miniflare@3.20241106.0
- [@​cloudflare/workers-shared](https://redirect.github.com/cloudflare/workers-shared)[@​0](https://redirect.github.com/0).7.1
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xNDIuNyIsInVwZGF0ZWRJblZlciI6IjM5LjcuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-11-11 13:23:26 +03:00
|
|
|
version = "0.26.0"
|
2024-04-29 07:46:26 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#8725)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://redirect.github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://redirect.github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.686.0` -> `3.688.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://redirect.github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://redirect.github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.686.0` -> `3.688.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.686.0/3.688.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2fexporter-prometheus/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2fexporter-prometheus/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2finstrumentation/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2finstrumentation/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-http/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2finstrumentation-http/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2finstrumentation-http/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-http/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`0.54.1` -> `0.54.2`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.54.1/0.54.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2fsdk-node/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2fsdk-node/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.54.1/0.54.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@swc/core](https://swc.rs) ([source](https://redirect.github.com/swc-project/swc)) | [`1.9.1` -> `1.9.2`](https://renovatebot.com/diffs/npm/@swc%2fcore/1.9.1/1.9.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@swc%2fcore/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@swc%2fcore/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@swc%2fcore/1.9.1/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@swc%2fcore/1.9.1/1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [cloudflare/wrangler-action](https://redirect.github.com/cloudflare/wrangler-action) | `v3.12.0` -> `v3.12.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/cloudflare%2fwrangler-action/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/cloudflare%2fwrangler-action/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/cloudflare%2fwrangler-action/v3.12.0/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/cloudflare%2fwrangler-action/v3.12.0/v3.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch |
| [electron](https://redirect.github.com/electron/electron) | [`33.1.0` -> `33.2.0`](https://renovatebot.com/diffs/npm/electron/33.1.0/33.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/33.1.0/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/33.1.0/33.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [electron-log](https://redirect.github.com/megahertz/electron-log) | [`5.2.0` -> `5.2.2`](https://renovatebot.com/diffs/npm/electron-log/5.2.0/5.2.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron-log/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron-log/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron-log/5.2.0/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-log/5.2.0/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [file-format](https://redirect.github.com/mmalecot/file-format) | `0.25` -> `0.26` | [![age](https://developer.mend.io/api/mc/badges/age/crate/file-format/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/file-format/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/file-format/0.25.0/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/file-format/0.25.0/0.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [html-validate](https://html-validate.org) ([source](https://gitlab.com/html-validate/html-validate)) | [`8.24.2` -> `8.25.0`](https://renovatebot.com/diffs/npm/html-validate/8.24.2/8.25.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/html-validate/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/html-validate/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/html-validate/8.24.2/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/html-validate/8.24.2/8.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [i18next](https://www.i18next.com) ([source](https://redirect.github.com/i18next/i18next)) | [`23.16.4` -> `23.16.5`](https://renovatebot.com/diffs/npm/i18next/23.16.4/23.16.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/i18next/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/i18next/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/i18next/23.16.4/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/i18next/23.16.4/23.16.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [keyv](https://redirect.github.com/jaredwray/keyv) | [`5.1.3` -> `5.2.1`](https://renovatebot.com/diffs/npm/keyv/5.1.3/5.2.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/keyv/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/keyv/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/keyv/5.1.3/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/keyv/5.1.3/5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [lucide-react](https://lucide.dev) ([source](https://redirect.github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.454.0` -> `^0.456.0`](https://renovatebot.com/diffs/npm/lucide-react/0.454.0/0.456.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.454.0/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.454.0/0.456.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [mixpanel-browser](https://redirect.github.com/mixpanel/mixpanel-js) | [`2.55.1` -> `2.56.0`](https://renovatebot.com/diffs/npm/mixpanel-browser/2.55.1/2.56.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/mixpanel-browser/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/mixpanel-browser/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/mixpanel-browser/2.55.1/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mixpanel-browser/2.55.1/2.56.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [msw](https://mswjs.io) ([source](https://redirect.github.com/mswjs/msw)) | [`2.6.1` -> `2.6.4`](https://renovatebot.com/diffs/npm/msw/2.6.1/2.6.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/msw/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/msw/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/msw/2.6.1/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/msw/2.6.1/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [napi-derive](https://redirect.github.com/napi-rs/napi-rs) | `3.0.0-alpha.17` -> `3.0.0-alpha.18` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.17/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.17/3.0.0-alpha.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nx](https://nx.dev) ([source](https://redirect.github.com/nrwl/nx/tree/HEAD/packages/nx)) | [`20.0.10` -> `20.0.12`](https://renovatebot.com/diffs/npm/nx/20.0.10/20.0.12) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/20.0.10/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/20.0.10/20.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [postcss](https://postcss.org/) ([source](https://redirect.github.com/postcss/postcss)) | [`8.4.47` -> `8.4.48`](https://renovatebot.com/diffs/npm/postcss/8.4.47/8.4.48) | [![age](https://developer.mend.io/api/mc/badges/age/npm/postcss/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/postcss/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/postcss/8.4.47/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/postcss/8.4.47/8.4.48?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [react-hook-form](https://www.react-hook-form.com) ([source](https://redirect.github.com/react-hook-form/react-hook-form)) | [`7.53.1` -> `7.53.2`](https://renovatebot.com/diffs/npm/react-hook-form/7.53.1/7.53.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-hook-form/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-hook-form/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-hook-form/7.53.1/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-hook-form/7.53.1/7.53.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [react-i18next](https://redirect.github.com/i18next/react-i18next) | [`15.1.0` -> `15.1.1`](https://renovatebot.com/diffs/npm/react-i18next/15.1.0/15.1.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-i18next/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-i18next/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-i18next/15.1.0/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-i18next/15.1.0/15.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [tokio](https://tokio.rs) ([source](https://redirect.github.com/tokio-rs/tokio)) | `1.41.0` -> `1.41.1` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | patch |
| [tokio](https://tokio.rs) ([source](https://redirect.github.com/tokio-rs/tokio)) | `1.41.0` -> `1.41.1` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.41.0/1.41.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [uuid](https://redirect.github.com/uuidjs/uuid) | [`11.0.2` -> `11.0.3`](https://renovatebot.com/diffs/npm/uuid/11.0.2/11.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/uuid/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/uuid/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/uuid/11.0.2/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/uuid/11.0.2/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.10` -> `5.4.11`](https://renovatebot.com/diffs/npm/vite/5.4.10/5.4.11) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.10/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.10/5.4.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://redirect.github.com/cloudflare/workers-sdk) ([source](https://redirect.github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.85.0` -> `3.86.0`](https://renovatebot.com/diffs/npm/wrangler/3.85.0/3.86.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.85.0/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.85.0/3.86.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.688.0`](https://redirect.github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36880-2024-11-08)
[Compare Source](https://redirect.github.com/aws/aws-sdk-js-v3/compare/v3.687.0...v3.688.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://redirect.github.com/aws-sdk/client-s3)
### [`v3.687.0`](https://redirect.github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36870-2024-11-07)
[Compare Source](https://redirect.github.com/aws/aws-sdk-js-v3/compare/v3.686.0...v3.687.0)
**Note:** Version bump only for package [@​aws-sdk/client-s3](https://redirect.github.com/aws-sdk/client-s3)
</details>
<details>
<summary>open-telemetry/opentelemetry-js (@​opentelemetry/exporter-prometheus)</summary>
### [`v0.54.2`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/6f4f3fcefd8e453f0516ba15fe0c2580442dd06a...72c9af91983e4b7aade98c901bd45c6cefee0da4)
[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/6f4f3fcefd8e453f0516ba15fe0c2580442dd06a...72c9af91983e4b7aade98c901bd45c6cefee0da4)
</details>
<details>
<summary>swc-project/swc (@​swc/core)</summary>
### [`v1.9.2`](https://redirect.github.com/swc-project/swc/blob/HEAD/CHANGELOG.md#192---2024-11-11)
[Compare Source](https://redirect.github.com/swc-project/swc/compare/v1.9.1...v1.9.2)
##### Bug Fixes
- **(es)** Fix typo in feature name ([#​9721](https://redirect.github.com/swc-project/swc/issues/9721)) ([aff9de5](https://redirect.github.com/swc-project/swc/commit/aff9de5ea37d5d34d587b96b8044d08644936524))
##### Features
- **(es/codegen)** Implement proper `inline_script` support ([#​9729](https://redirect.github.com/swc-project/swc/issues/9729)) ([e732a36](https://redirect.github.com/swc-project/swc/commit/e732a36373f0959a0653dc51a863230a9b3d8982))
</details>
<details>
<summary>cloudflare/wrangler-action (cloudflare/wrangler-action)</summary>
### [`v3.12.1`](https://redirect.github.com/cloudflare/wrangler-action/releases/tag/v3.12.1)
[Compare Source](https://redirect.github.com/cloudflare/wrangler-action/compare/v3.12.0...v3.12.1)
##### Patch Changes
- [#​319](https://redirect.github.com/cloudflare/wrangler-action/pull/319) [`59c04629408d58978884fadd18755f1a15f96157`](https://redirect.github.com/cloudflare/wrangler-action/commit/59c04629408d58978884fadd18755f1a15f96157) Thanks [@​Maximo-Guk](https://redirect.github.com/Maximo-Guk)! - Fixes [#​317](https://redirect.github.com/cloudflare/wrangler-action/issues/317): Generate a new output directory with a randomUUID in the tmpDir, so that when the action is executed multiple times, we use the artifacts from that run, opposed to the artifacts from a previous run.
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v33.2.0`](https://redirect.github.com/electron/electron/releases/tag/v33.2.0): electron v33.2.0
[Compare Source](https://redirect.github.com/electron/electron/compare/v33.1.0...v33.2.0)
### Release Notes for v33.2.0
#### Features
- Added GPU accelerated shared texture offscreen rendering. [#​44511](https://redirect.github.com/electron/electron/pull/44511)
#### Other Changes
- Updated Chromium to 130.0.6723.118. [#​44591](https://redirect.github.com/electron/electron/pull/44591)
</details>
<details>
<summary>megahertz/electron-log (electron-log)</summary>
### [`v5.2.2`](https://redirect.github.com/megahertz/electron-log/compare/v5.2.0...v5.2.2)
[Compare Source](https://redirect.github.com/megahertz/electron-log/compare/v5.2.0...v5.2.2)
</details>
<details>
<summary>mmalecot/file-format (file-format)</summary>
### [`v0.26.0`](https://redirect.github.com/mmalecot/file-format/blob/HEAD/CHANGELOG.md#Version-0260-2024-11-07)
[Compare Source](https://redirect.github.com/mmalecot/file-format/compare/v0.25.0...v0.26.0)
#### API
- Add `reader-id3v2` feature
#### Improvements
- Improve Free Lossless Audio Codec (FLAC) detection when it contains ID3v2 metadata
- Improve MPEG-1/2 Audio Layer 3 (MP3) detection
#### New formats support
- ID3v2 (ID3)
</details>
<details>
<summary>html-validate/html-validate (html-validate)</summary>
### [`v8.25.0`](https://gitlab.com/html-validate/html-validate/blob/HEAD/CHANGELOG.md#8250-2024-11-11)
[Compare Source](https://gitlab.com/html-validate/html-validate/compare/v8.24.2...v8.25.0)
##### Features
- **cli:** add `--preset` to set preset when using cli ([2ec038f](https://gitlab.com/html-validate/html-validate/commit/2ec038fea2ec7e03b1cc1b5ede73fac37aa70e7e)), closes [#​269](https://gitlab.com/html-validate/html-validate/issues/269)
##### Bug Fixes
- properly close elements with optional end tag when implicit document element is used ([bbe2a99](https://gitlab.com/html-validate/html-validate/commit/bbe2a994215534214bf3a70a4294c7c8b8279811)), closes [#​268](https://gitlab.com/html-validate/html-validate/issues/268)
- **types:** narrow numeric rule severity to only 0, 1 and 2 ([88cf8a2](https://gitlab.com/html-validate/html-validate/commit/88cf8a2aaac81d86c75804d809b7d15f1632ebb7))
</details>
<details>
<summary>i18next/i18next (i18next)</summary>
### [`v23.16.5`](https://redirect.github.com/i18next/i18next/blob/HEAD/CHANGELOG.md#23165)
[Compare Source](https://redirect.github.com/i18next/i18next/compare/v23.16.4...v23.16.5)
- fix extractFromKey for use cases like [this](https://redirect.github.com/i18next/react-i18next/issues/1810)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.456.0`](https://redirect.github.com/lucide-icons/lucide/releases/tag/0.456.0): Choosing import name style 0.456.0
[Compare Source](https://redirect.github.com/lucide-icons/lucide/compare/0.455.0...0.456.0)
#### What's Changed
- ci(pull-request): Fix generate comments for empty changes by [@​ericfennis](https://redirect.github.com/ericfennis) in [https://github.com/lucide-icons/lucide/pull/2593](https://redirect.github.com/lucide-icons/lucide/pull/2593)
- feat(lucide-react, lucide-preact, lucide-react-native, lucide-solid, lucide-vue-next): Adjustable icon naming imports by [@​ericfennis](https://redirect.github.com/ericfennis) in [https://github.com/lucide-icons/lucide/pull/2328](https://redirect.github.com/lucide-icons/lucide/pull/2328)
- fix(icons): changed `glass-water` icon by [@​jguddas](https://redirect.github.com/jguddas) in [https://github.com/lucide-icons/lucide/pull/2579](https://redirect.github.com/lucide-icons/lucide/pull/2579)
### Adjustable icon naming imports
Customize import name styles for `lucide-react`, `lucide-vue`, `lucide-react-native`, `lucide-preact`, to manage autocompletion in your IDE.
1. **Turn off autocomplete in your IDE**:
Add the following to your `settings.json`
```json
{
"typescript.preferences.autoImportFileExcludePatterns": [
"lucide-react",
"lucide-preact",
"lucide-react-native",
"lucide-vue-next"
]
}
```
2. **Create a custom module declaration file**:
It allows you to choose the import name style.
For React:
```ts
declare module "lucide-react" {
// Prefixed import names
export * from "lucide-react/dist/lucide-react.prefixed";
// or
// Suffixed import names
export * from "lucide-react/dist/lucide-react.suffixed";
}
```
For Vue:
```ts
declare module "lucide-vue-next" {
// Prefixed import names
export * from "lucide-vue-next/dist/lucide-vue-next.prefixed";
// or
// Suffixed import names
export * from "lucide-vue-next/dist/lucide-vue-next.suffixed";
}
```
### [`v0.455.0`](https://redirect.github.com/lucide-icons/lucide/releases/tag/0.455.0): New icons 0.455.0
[Compare Source](https://redirect.github.com/lucide-icons/lucide/compare/0.454.0...0.455.0)
#### New icons 🎨
- `wind-arrow-down` ([#​2554](https://redirect.github.com/lucide-icons/lucide/issues/2554)) by [@​jamiemlaw](https://redirect.github.com/jamiemlaw)
#### Modified Icons 🔨
- `file-music` ([#​2536](https://redirect.github.com/lucide-icons/lucide/issues/2536)) by [@​jguddas](https://redirect.github.com/jguddas)
- `slice` ([#​2500](https://redirect.github.com/lucide-icons/lucide/issues/2500)) by [@​jguddas](https://redirect.github.com/jguddas)
- `undo-dot` ([#​2557](https://redirect.github.com/lucide-icons/lucide/issues/2557)) by [@​jguddas](https://redirect.github.com/jguddas)
- `wind` ([#​2554](https://redirect.github.com/lucide-icons/lucide/issues/2554)) by [@​jamiemlaw](https://redirect.github.com/jamiemlaw)
</details>
<details>
<summary>mixpanel/mixpanel-js (mixpanel-browser)</summary>
### [`v2.56.0`](https://redirect.github.com/mixpanel/mixpanel-js/compare/v2.55.1...v2.56.0)
[Compare Source](https://redirect.github.com/mixpanel/mixpanel-js/compare/v2.55.1...v2.56.0)
</details>
<details>
<summary>mswjs/msw (msw)</summary>
### [`v2.6.4`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.4)
[Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.6.3...v2.6.4)
#### v2.6.4 (2024-11-10)
##### Bug Fixes
- prevent infinite loop when bypassing `sendBeacon()` requests ([#​2353](https://redirect.github.com/mswjs/msw/issues/2353)) ([`2fa98c3`](https://redirect.github.com/mswjs/msw/commit/2fa98c327acc51189f87789d9155c4ec57be2299)) [@​kettanaito](https://redirect.github.com/kettanaito)
- remove the internal bypass request header before performing the request as-is in Node.js ([#​2353](https://redirect.github.com/mswjs/msw/issues/2353)) ([`2fa98c3`](https://redirect.github.com/mswjs/msw/commit/2fa98c327acc51189f87789d9155c4ec57be2299)) [@​kettanaito](https://redirect.github.com/kettanaito)
### [`v2.6.3`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.3)
[Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.6.2...v2.6.3)
#### v2.6.3 (2024-11-10)
##### Bug Fixes
- **handleRequest:** remove `transformResponse` option ([#​2351](https://redirect.github.com/mswjs/msw/issues/2351)) ([`74c4a3a`](https://redirect.github.com/mswjs/msw/commit/74c4a3a89970bbfc498c812790daef13766dea72)) [@​kettanaito](https://redirect.github.com/kettanaito)
### [`v2.6.2`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.2)
[Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.6.1...v2.6.2)
##### v2.6.2 (2024-11-07)
##### Bug Fixes
- update `@bundled-es-modules/cookie` to 2.0.1 ([#​2312](https://redirect.github.com/mswjs/msw/issues/2312)) ([`c134352`](https://redirect.github.com/mswjs/msw/commit/c134352e8206b91740247f4f196767ab8a8eb921)) [@​kettanaito](https://redirect.github.com/kettanaito)
</details>
<details>
<summary>napi-rs/napi-rs (napi-derive)</summary>
### [`v3.0.0-alpha.18`](https://redirect.github.com/napi-rs/napi-rs/releases/tag/napi-derive%403.0.0-alpha.18)
[Compare Source](https://redirect.github.com/napi-rs/napi-rs/compare/napi-derive@3.0.0-alpha.17...napi-derive@3.0.0-alpha.18)
#### What's Changed
- chore(napi-derive): remove unused dependency `regex` from `napi-derive-backend` by [@​Adjective-Object](https://redirect.github.com/Adjective-Object) in [https://github.com/napi-rs/napi-rs/pull/2344](https://redirect.github.com/napi-rs/napi-rs/pull/2344)
#### New Contributors
- [@​Adjective-Object](https://redirect.github.com/Adjective-Object) made their first contribution in [https://github.com/napi-rs/napi-rs/pull/2344](https://redirect.github.com/napi-rs/napi-rs/pull/2344)
**Full Changelog**: https://github.com/napi-rs/napi-rs/compare/napi-derive@3.0.0-alpha.17...napi-derive@3.0.0-alpha.18
</details>
<details>
<summary>nrwl/nx (nx)</summary>
### [`v20.0.12`](https://redirect.github.com/nrwl/nx/releases/tag/20.0.12)
[Compare Source](https://redirect.github.com/nrwl/nx/compare/20.0.11...20.0.12)
##### 20.0.12 (2024-11-08)
##### 🩹 Fixes
- **core:** create different dummy tasks for different targets ([#​28837](https://redirect.github.com/nrwl/nx/pull/28837))
- **core:** do not depend on ci info crate ([#​28850](https://redirect.github.com/nrwl/nx/pull/28850))
##### ❤️ Thank You
- Jason Jean [@​FrozenPandaz](https://redirect.github.com/FrozenPandaz)
### [`v20.0.11`](https://redirect.github.com/nrwl/nx/releases/tag/20.0.11)
[Compare Source](https://redirect.github.com/nrwl/nx/compare/20.0.10...20.0.11)
##### 20.0.11 (2024-11-07)
##### 🚀 Features
- **nx-cloud:** configure import paths for light client when running … ([#​28735](https://redirect.github.com/nrwl/nx/pull/28735))
- **nx-dev:** add video course page ([#​28736](https://redirect.github.com/nrwl/nx/pull/28736))
##### 🩹 Fixes
- **core:** fix cannot read properties of undefined (reading 'split') ([#​28761](https://redirect.github.com/nrwl/nx/pull/28761))
- **core:** task graph needs to handle multiple cycles ([#​28793](https://redirect.github.com/nrwl/nx/pull/28793))
- **core:** empty external deps should work properly ([#​28727](https://redirect.github.com/nrwl/nx/pull/28727))
- **core:** ensure that the database connection is closed when nx exits ([#​28821](https://redirect.github.com/nrwl/nx/pull/28821))
- **graph:** add better pdv empty states when no targets exist ([#​28797](https://redirect.github.com/nrwl/nx/pull/28797))
- **nx-dev:** SEO tags ([#​28823](https://redirect.github.com/nrwl/nx/pull/28823))
- **repo:** update version of actions/github-script in nightly script ([#​28784](https://redirect.github.com/nrwl/nx/pull/28784))
##### ❤️ Thank You
- Craigory Coppola [@​AgentEnder](https://redirect.github.com/AgentEnder)
- Emily Xiong [@​xiongemi](https://redirect.github.com/xiongemi)
- Jonathan Cammisuli
- Juri Strumpflohner [@​juristr](https://redirect.github.com/juristr)
- Louie Weng [@​lourw](https://redirect.github.com/lourw)
- MaxKless [@​MaxKless](https://redirect.github.com/MaxKless)
- Miroslav Jonaš [@​meeroslav](https://redirect.github.com/meeroslav)
</details>
<details>
<summary>postcss/postcss (postcss)</summary>
### [`v8.4.48`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8448)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.47...8.4.48)
- Fixed position calculation in error/warnings methods (by [@​romainmenke](https://redirect.github.com/romainmenke)).
</details>
<details>
<summary>react-hook-form/react-hook-form (react-hook-form)</summary>
### [`v7.53.2`](https://redirect.github.com/react-hook-form/react-hook-form/releases/tag/v7.53.2): Version 7.53.2
[Compare Source](https://redirect.github.com/react-hook-form/react-hook-form/compare/v7.53.1...v7.53.2)
🐞 fix [#​12398](https://redirect.github.com/react-hook-form/react-hook-form/issues/12398) staled disabled issue with resubmit form ([#​12403](https://redirect.github.com/react-hook-form/react-hook-form/issues/12403))
🐞 fix: add type guard to fieldRef.select ([#​12390](https://redirect.github.com/react-hook-form/react-hook-form/issues/12390))
Revert "🏺 watch reference update on formState update ([#​12326](https://redirect.github.com/react-hook-form/react-hook-form/issues/12326))" ([#​12391](https://redirect.github.com/react-hook-form/react-hook-form/issues/12391))
thanks to [@​developer-bandi](https://redirect.github.com/developer-bandi)
</details>
<details>
<summary>i18next/react-i18next (react-i18next)</summary>
### [`v15.1.1`](https://redirect.github.com/i18next/react-i18next/blob/HEAD/CHANGELOG.md#1511)
[Compare Source](https://redirect.github.com/i18next/react-i18next/compare/v15.1.0...v15.1.1)
- fix: Not all namespaces are loaded when passing the lng option to useTranslate [1809](https://redirect.github.com/i18next/next-i18next/issues/1809)
</details>
<details>
<summary>tokio-rs/tokio (tokio)</summary>
### [`v1.41.1`](https://redirect.github.com/tokio-rs/tokio/releases/tag/tokio-1.41.1): Tokio v1.41.1
[Compare Source](https://redirect.github.com/tokio-rs/tokio/compare/tokio-1.41.0...tokio-1.41.1)
### 1.41.1 (Nov 7th, 2024)
##### Fixed
- metrics: fix bug with wrong number of buckets for the histogram ([#​6957])
- net: display `net` requirement for `net::UdpSocket` in docs ([#​6938])
- net: fix typo in `TcpStream` internal comment ([#​6944])
[#​6957]: https://redirect.github.com/tokio-rs/tokio/pull/6957
[#​6938]: https://redirect.github.com/tokio-rs/tokio/pull/6938
[#​6944]: https://redirect.github.com/tokio-rs/tokio/pull/6944
</details>
<details>
<summary>uuidjs/uuid (uuid)</summary>
### [`v11.0.3`](https://redirect.github.com/uuidjs/uuid/blob/HEAD/CHANGELOG.md#1103-2024-11-04)
[Compare Source](https://redirect.github.com/uuidjs/uuid/compare/v11.0.2...v11.0.3)
##### Bug Fixes
- apply stricter typing to the v\* signatures ([#​831](https://redirect.github.com/uuidjs/uuid/issues/831)) ([c2d3fed](https://redirect.github.com/uuidjs/uuid/commit/c2d3fed22cfd47c22c8f22f6154abb5060648ce5))
- export internal uuid types ([#​833](https://redirect.github.com/uuidjs/uuid/issues/833)) ([341edf4](https://redirect.github.com/uuidjs/uuid/commit/341edf444ced63708ba336285dbec29443523939))
- remove sourcemaps ([#​827](https://redirect.github.com/uuidjs/uuid/issues/827)) ([b93ea10](https://redirect.github.com/uuidjs/uuid/commit/b93ea101af7382053032d4fb61cc85599d6c7216))
- revert "simplify type for v3 and v5" ([#​835](https://redirect.github.com/uuidjs/uuid/issues/835)) ([e2dee69](https://redirect.github.com/uuidjs/uuid/commit/e2dee691e95aba854a892d2507d8cd9f009bf61d))
</details>
<details>
<summary>vitejs/vite (vite)</summary>
### [`v5.4.11`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.11)
Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.11/packages/vite/CHANGELOG.md) for details.
</details>
<details>
<summary>cloudflare/workers-sdk (wrangler)</summary>
### [`v3.86.0`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#3860)
[Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/wrangler@3.85.0...wrangler@3.86.0)
##### Minor Changes
- [#​7154](https://redirect.github.com/cloudflare/workers-sdk/pull/7154) [`ef7c0b3`](https://redirect.github.com/cloudflare/workers-sdk/commit/ef7c0b3641925e2deceb7e5323f86b769de54405) Thanks [@​jonesphillip](https://redirect.github.com/jonesphillip)! - Added the ability to enable, disable, and get r2.dev public access URLs for R2 buckets.
##### Patch Changes
- [#​7169](https://redirect.github.com/cloudflare/workers-sdk/pull/7169) [`9098a3b`](https://redirect.github.com/cloudflare/workers-sdk/commit/9098a3b03f82bbfb1fb8c8c531fafbfe26a49e59) Thanks [@​penalosa](https://redirect.github.com/penalosa)! - Ensure `workerd` processes are cleaned up after address-in-use errors
- [#​7172](https://redirect.github.com/cloudflare/workers-sdk/pull/7172) [`3dce388`](https://redirect.github.com/cloudflare/workers-sdk/commit/3dce3881bdaf373aa9b2e52483e340ab8193151c) Thanks [@​penalosa](https://redirect.github.com/penalosa)! - Clarify dev registry messaging around locally connected services. The connection status of local service bindings & durable object bindings is now indicated by `connected` or `not connected` next to their entry in the bindings summary. For more details, refer to https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/#local-development
- [#​7193](https://redirect.github.com/cloudflare/workers-sdk/pull/7193) [`ad51d1d`](https://redirect.github.com/cloudflare/workers-sdk/commit/ad51d1d77483bf0b4dc73fd392f5cdefe4ddf5d8) Thanks [@​sdnts](https://redirect.github.com/sdnts)! - Output suggested wrangler.toml changes after creating an R2 bucket
- [#​7191](https://redirect.github.com/cloudflare/workers-sdk/pull/7191) [`1d5bc6d`](https://redirect.github.com/cloudflare/workers-sdk/commit/1d5bc6d3530e98db117af3f6b16b43ff6c069f94) Thanks [@​sdnts](https://redirect.github.com/sdnts)! - Output suggested wrangler.toml changes after creating a Queue
- Updated dependencies \[[`1db7846`](https://redirect.github.com/cloudflare/workers-sdk/commit/1db7846ec5c356f6b59cddf5f48b16b3e7c73d66), [`08c6580`](https://redirect.github.com/cloudflare/workers-sdk/commit/08c6580494e702373d17ff7485988a8fae9af59e)]:
- miniflare@3.20241106.0
- [@​cloudflare/workers-shared](https://redirect.github.com/cloudflare/workers-shared)[@​0](https://redirect.github.com/0).7.1
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xNDIuNyIsInVwZGF0ZWRJblZlciI6IjM5LjcuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-11-11 13:23:26 +03:00
|
|
|
checksum = "e7ef3d5e8ae27277c8285ac43ed153158178ef0f79567f32024ca8140a0c7cd8"
|
2024-04-29 07:46:26 +03:00
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "flume"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.11.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "da0e4dd2a88388a1f4ccc7c9ce104604dab68d9f408dc34cd45823d5a9069095"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-sink",
|
2024-06-24 11:06:20 +03:00
|
|
|
"spin",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "form_urlencoded"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.2.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"percent-encoding",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "fs-err"
|
|
|
|
version = "2.11.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "88a41f105fe1d5b6b34b2055e3dc59bb79b46b48b2040b9e6c7b4b5de097aa41"
|
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "funty"
|
|
|
|
version = "2.0.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-channel"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-sink",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-core"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-executor"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-task",
|
|
|
|
"futures-util",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-intrusive"
|
|
|
|
version = "0.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1d930c203dd0b6ff06e0201a4a2fe9149b43c684fd4420555b26d21b1a02956f"
|
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"lock_api",
|
|
|
|
"parking_lot",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-io"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-sink"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-task"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "futures-util"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"futures-core",
|
|
|
|
"futures-io",
|
|
|
|
"futures-sink",
|
|
|
|
"futures-task",
|
|
|
|
"memchr",
|
|
|
|
"pin-project-lite",
|
|
|
|
"pin-utils",
|
|
|
|
"slab",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "generator"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.8.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "cc6bd114ceda131d3b1d665eba35788690ad37f5916457286b32ab6fd3c438dd"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-05-16 12:15:58 +03:00
|
|
|
"cfg-if",
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
|
|
|
"log",
|
|
|
|
"rustversion",
|
|
|
|
"windows",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "generic-array"
|
|
|
|
version = "0.14.7"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
|
|
|
|
dependencies = [
|
|
|
|
"typenum",
|
|
|
|
"version_check",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "getrandom"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.2.15"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"libc",
|
2023-10-11 10:36:45 +03:00
|
|
|
"wasi",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "gimli"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.31.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "glob"
|
|
|
|
version = "0.3.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "goblin"
|
|
|
|
version = "0.8.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1b363a30c165f666402fe6a3024d3bec7ebc898f96a4a23bd1c99f8dbf3f4f47"
|
|
|
|
dependencies = [
|
|
|
|
"log",
|
|
|
|
"plain",
|
|
|
|
"scroll",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "half"
|
|
|
|
version = "2.4.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6dd08c532ae367adf81c312a4580bc67f1d0fe8bc9c460520283f4c0ff277888"
|
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"crunchy",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "hashbrown"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.14.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-01-31 09:54:33 +03:00
|
|
|
"ahash",
|
2023-08-29 13:07:05 +03:00
|
|
|
"allocator-api2",
|
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "hashbrown"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.15.2"
|
2024-11-09 06:39:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
|
2024-11-09 06:39:11 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "hashlink"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.9.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-11-09 06:39:11 +03:00
|
|
|
"hashbrown 0.14.5",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "heck"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.5.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hex"
|
|
|
|
version = "0.4.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hkdf"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.12.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"hmac",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "hmac"
|
|
|
|
version = "0.12.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
|
|
|
|
dependencies = [
|
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "home"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.5.9"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "iana-time-zone"
|
2024-09-19 11:57:19 +03:00
|
|
|
version = "0.1.61"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-19 11:57:19 +03:00
|
|
|
checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"android_system_properties",
|
|
|
|
"core-foundation-sys",
|
|
|
|
"iana-time-zone-haiku",
|
|
|
|
"js-sys",
|
|
|
|
"wasm-bindgen",
|
2024-05-16 12:15:58 +03:00
|
|
|
"windows-core 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "iana-time-zone-haiku"
|
|
|
|
version = "0.1.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
|
|
|
|
dependencies = [
|
|
|
|
"cc",
|
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "icu_collections"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"yoke",
|
|
|
|
"zerofrom",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_locid"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"litemap",
|
|
|
|
"tinystr",
|
|
|
|
"writeable",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_locid_transform"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"icu_locid",
|
|
|
|
"icu_locid_transform_data",
|
|
|
|
"icu_provider",
|
|
|
|
"tinystr",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_locid_transform_data"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_normalizer"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"icu_collections",
|
|
|
|
"icu_normalizer_data",
|
|
|
|
"icu_properties",
|
|
|
|
"icu_provider",
|
|
|
|
"smallvec",
|
|
|
|
"utf16_iter",
|
|
|
|
"utf8_iter",
|
|
|
|
"write16",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_normalizer_data"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_properties"
|
|
|
|
version = "1.5.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"icu_collections",
|
|
|
|
"icu_locid_transform",
|
|
|
|
"icu_properties_data",
|
|
|
|
"icu_provider",
|
|
|
|
"tinystr",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_properties_data"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_provider"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"icu_locid",
|
|
|
|
"icu_provider_macros",
|
|
|
|
"stable_deref_trait",
|
|
|
|
"tinystr",
|
|
|
|
"writeable",
|
|
|
|
"yoke",
|
|
|
|
"zerofrom",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "icu_provider_macros"
|
|
|
|
version = "1.5.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "idna"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "1.0.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-11-09 06:39:11 +03:00
|
|
|
"idna_adapter",
|
|
|
|
"smallvec",
|
|
|
|
"utf8_iter",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "idna_adapter"
|
|
|
|
version = "1.2.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71"
|
|
|
|
dependencies = [
|
|
|
|
"icu_normalizer",
|
|
|
|
"icu_properties",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "indexmap"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "2.7.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"equivalent",
|
2024-11-28 06:26:09 +03:00
|
|
|
"hashbrown 0.15.2",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "is_terminal_polyfill"
|
|
|
|
version = "1.70.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "itoa"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "1.0.14"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "js-sys"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.3.76"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-12-03 19:24:21 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"wasm-bindgen",
|
|
|
|
]
|
|
|
|
|
2023-10-18 11:06:07 +03:00
|
|
|
[[package]]
|
|
|
|
name = "keccak"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.5"
|
2023-10-18 11:06:07 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654"
|
2023-10-18 11:06:07 +03:00
|
|
|
dependencies = [
|
|
|
|
"cpufeatures",
|
|
|
|
]
|
|
|
|
|
2024-01-31 09:54:33 +03:00
|
|
|
[[package]]
|
|
|
|
name = "lasso"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.7.3"
|
2024-01-31 09:54:33 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "6e14eda50a3494b3bf7b9ce51c52434a761e383d7238ce1dd5dcec2fbc13e9fb"
|
2024-01-31 09:54:33 +03:00
|
|
|
dependencies = [
|
|
|
|
"dashmap",
|
2024-11-09 06:39:11 +03:00
|
|
|
"hashbrown 0.14.5",
|
2024-01-31 09:54:33 +03:00
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "lazy_static"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "1.5.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-06-24 11:06:20 +03:00
|
|
|
"spin",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "libc"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.2.168"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "libloading"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "0.8.6"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
2024-12-13 16:04:06 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "libm"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.2.11"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "libmimalloc-sys"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.1.39"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"cc",
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "libsqlite3-sys"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
version = "0.30.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cc",
|
|
|
|
"pkg-config",
|
|
|
|
"vcpkg",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "linux-raw-sys"
|
2024-05-21 08:08:34 +03:00
|
|
|
version = "0.4.14"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-21 08:08:34 +03:00
|
|
|
checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "litemap"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.7.4"
|
2024-11-09 06:39:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104"
|
2024-11-09 06:39:11 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "lock_api"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.4.12"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
"scopeguard",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "log"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.4.22"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "loom"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.7.2"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "419e0dc8046cb947daa77eb95ae174acfbddb7673b4151f56d1eed8e93fbfaca"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"generator",
|
|
|
|
"scoped-tls",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"tracing",
|
|
|
|
"tracing-subscriber",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "matchers"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
|
|
|
|
dependencies = [
|
|
|
|
"regex-automata 0.1.10",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "md-5"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.10.6"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2023-10-11 10:36:45 +03:00
|
|
|
"cfg-if",
|
2023-08-29 13:07:05 +03:00
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "memchr"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "2.7.4"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
|
2023-11-27 10:24:07 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "mimalloc"
|
2024-06-24 11:06:20 +03:00
|
|
|
version = "0.1.43"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-06-24 11:06:20 +03:00
|
|
|
checksum = "68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"libmimalloc-sys",
|
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "mime"
|
|
|
|
version = "0.3.17"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "mime_guess"
|
|
|
|
version = "2.0.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
|
|
|
|
dependencies = [
|
|
|
|
"mime",
|
|
|
|
"unicase",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "minimal-lexical"
|
|
|
|
version = "0.2.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "miniz_oxide"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-09-13 10:11:05 +03:00
|
|
|
"adler2",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
[[package]]
|
|
|
|
name = "mio"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "1.0.3"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
"wasi",
|
|
|
|
"windows-sys 0.52.0",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "nanoid"
|
|
|
|
version = "0.4.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "3ffa00dec017b5b1a8b7cf5e2c008bfda1aa7e0697ac1508b491fdf2622fb4d8"
|
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "3.0.0-alpha.23"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "f4929caab512f6e9650b53d27b4076f3e0524a1369e5d4ab25965fcc60b31cad"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
2024-12-13 09:13:05 +03:00
|
|
|
"bitflags",
|
2023-08-29 13:07:05 +03:00
|
|
|
"chrono",
|
|
|
|
"ctor",
|
2024-07-06 11:37:27 +03:00
|
|
|
"napi-build",
|
2023-08-29 13:07:05 +03:00
|
|
|
"napi-sys",
|
|
|
|
"serde",
|
|
|
|
"tokio",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-build"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.1.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e1c0f5d67ee408a4685b61f5ab7e58605c8ae3f2b4189f0127d804ff13d5560a"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-derive"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "3.0.0-alpha.21"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "c12428d113f2b64cf827a144dddaf2df50c4d93d655d57d83745c2a281e6ec62"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"convert_case",
|
|
|
|
"napi-derive-backend",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-derive-backend"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "2.0.0-alpha.21"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "7a5122d26b6f849e524f1b92107364f2b4e9a2e8d41a77b3d6c5b3af75801c60"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"convert_case",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"semver",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "napi-sys"
|
2024-11-05 18:20:21 +03:00
|
|
|
version = "3.0.0-alpha.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-05 18:20:21 +03:00
|
|
|
checksum = "ab9d950ea3a522a8cb9e9237ba7cf977eeca1fadaec182163be6b0feebfc7361"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"libloading",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "nom"
|
|
|
|
version = "7.1.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
|
|
|
|
dependencies = [
|
|
|
|
"memchr",
|
|
|
|
"minimal-lexical",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "nu-ansi-term"
|
|
|
|
version = "0.46.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
|
|
|
|
dependencies = [
|
|
|
|
"overload",
|
|
|
|
"winapi",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-bigint-dig"
|
|
|
|
version = "0.8.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
|
|
|
|
dependencies = [
|
|
|
|
"byteorder",
|
|
|
|
"lazy_static",
|
|
|
|
"libm",
|
|
|
|
"num-integer",
|
|
|
|
"num-iter",
|
|
|
|
"num-traits",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-08-29 13:07:05 +03:00
|
|
|
"smallvec",
|
|
|
|
"zeroize",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-integer"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.1.46"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"num-traits",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-iter"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.1.45"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
"num-integer",
|
|
|
|
"num-traits",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "num-traits"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.2.19"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
"libm",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "object"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.36.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"memchr",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "once_cell"
|
2024-11-05 18:20:21 +03:00
|
|
|
version = "1.20.2"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-05 18:20:21 +03:00
|
|
|
checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "oorandom"
|
|
|
|
version = "11.1.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"
|
|
|
|
|
2023-11-10 05:25:28 +03:00
|
|
|
[[package]]
|
|
|
|
name = "ordered-float"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "4.5.0"
|
2023-11-10 05:25:28 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "c65ee1f9701bf938026630b455d5315f490640234259037edb259798b3bcf85e"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"arbitrary",
|
|
|
|
"num-traits",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "overload"
|
|
|
|
version = "0.1.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "parking"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "2.2.1"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "parking_lot"
|
chore: bump up all non-major dependencies (#7059)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@nx/vite](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/vite)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/@nx%2fvite/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [cloudflare/wrangler-action](https://togithub.com/cloudflare/wrangler-action) | `v3.6.0` -> `v3.6.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch |
| [electron-log](https://togithub.com/megahertz/electron-log) | [`5.1.4` -> `5.1.5`](https://renovatebot.com/diffs/npm/electron-log/5.1.4/5.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [esbuild](https://togithub.com/evanw/esbuild) | [`0.21.3` -> `0.21.4`](https://renovatebot.com/diffs/npm/esbuild/0.21.3/0.21.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [lint-staged](https://togithub.com/okonet/lint-staged) | [`15.2.4` -> `15.2.5`](https://renovatebot.com/diffs/npm/lint-staged/15.2.4/15.2.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nodemon](https://nodemon.io) ([source](https://togithub.com/remy/nodemon)) | [`3.1.0` -> `3.1.1`](https://renovatebot.com/diffs/npm/nodemon/3.1.0/3.1.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nx](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/nx)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/nx/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [parking_lot](https://togithub.com/Amanieu/parking_lot) | `0.12.2` -> `0.12.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [react-virtuoso](https://virtuoso.dev/) ([source](https://togithub.com/petyosi/react-virtuoso)) | [`4.7.10` -> `4.7.11`](https://renovatebot.com/diffs/npm/react-virtuoso/4.7.10/4.7.11) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.202` -> `1.0.203` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
---
### Release Notes
<details>
<summary>nrwl/nx (@​nx/vite)</summary>
### [`v19.1.0`](https://togithub.com/nrwl/nx/releases/tag/19.1.0)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.0.8...19.1.0)
##### 19.1.0 (2024-05-24)
##### 🚀 Features
- **angular:** support angular 18.0.0 ([#​22509](https://togithub.com/nrwl/nx/pull/22509))
- **bundling:** added support for declarations (\*.d.ts) ([#​21084](https://togithub.com/nrwl/nx/pull/21084))
- **core:** add an option to seperate the output of show with provide… ([#​23172](https://togithub.com/nrwl/nx/pull/23172))
- **core:** support finding matching projects with only negative patterns ([#​22743](https://togithub.com/nrwl/nx/pull/22743))
- **core:** default show to web view when in interactive terminal ([#​23358](https://togithub.com/nrwl/nx/pull/23358))
- **core:** resolve nx migrate target version against registry ([#​23450](https://togithub.com/nrwl/nx/pull/23450))
- **core:** allow executor definition to point to another executor ([#​23576](https://togithub.com/nrwl/nx/pull/23576))
- **core:** add bun package manager ([#​22602](https://togithub.com/nrwl/nx/pull/22602))
- **graph:** change gradle and nextjs svg ([#​23201](https://togithub.com/nrwl/nx/pull/23201))
- **graph:** show script content in header ([#​23257](https://togithub.com/nrwl/nx/pull/23257))
- **misc:** improve nx cloud setup prompts and messaging ([#​23218](https://togithub.com/nrwl/nx/pull/23218))
- **module-federation:** add remote configuration override ([#​19694](https://togithub.com/nrwl/nx/pull/19694))
- **nextjs:** Update Next & Tailwindcss Package ([#​23313](https://togithub.com/nrwl/nx/pull/23313))
- **nx-dev:** show banner on documentation pages ([#​23266](https://togithub.com/nrwl/nx/pull/23266))
- **nx-dev:** check for missing images ([#​23248](https://togithub.com/nrwl/nx/pull/23248))
- **nx-dev:** put banner above menu ([#​23335](https://togithub.com/nrwl/nx/pull/23335))
- **nx-dev:** Add more blogs ([#​25939](https://togithub.com/nrwl/nx/pull/25939))
- **react:** Add SvgOptions for NxReactWebpackPlugin and WithNx ([#​23283](https://togithub.com/nrwl/nx/pull/23283))
- **react-native:** add optional syncDeps param to storybook executor ([#​22032](https://togithub.com/nrwl/nx/pull/22032))
- **release:** updateDependents generator option for versioning, support circular dependencies ([#​23252](https://togithub.com/nrwl/nx/pull/23252))
- **testing:** updates cypress and [@​cypress/webpack-dev-server](https://togithub.com/cypress/webpack-dev-server) ([#​22902](https://togithub.com/nrwl/nx/pull/22902))
- **testing:** remove --watch=false from inferred vitest targets to keep things inlined with vitest recommendations ([#​25975](https://togithub.com/nrwl/nx/pull/25975))
- **vite:** support incremental builds with nxViteTsPaths ([#​23908](https://togithub.com/nrwl/nx/pull/23908))
##### 🩹 Fixes
- **angular:** libraries should not contain tslib by default [#​21023](https://togithub.com/nrwl/nx/issues/21023) ([#​23423](https://togithub.com/nrwl/nx/pull/23423), [#​21023](https://togithub.com/nrwl/nx/issues/21023))
- **angular:** [@​angular/core](https://togithub.com/angular/core) should always be provided as a shared package [#​19121](https://togithub.com/nrwl/nx/issues/19121) ([#​23464](https://togithub.com/nrwl/nx/pull/23464), [#​19121](https://togithub.com/nrwl/nx/issues/19121))
- **bundling:** rollup does not log build errors ([#​23141](https://togithub.com/nrwl/nx/pull/23141))
- **bundling:** resolve index files from ts paths when running esbuild without bundling ([#​23098](https://togithub.com/nrwl/nx/pull/23098))
- **core:** set yarn berry nodeLinker correctly in migrate command ([#​23249](https://togithub.com/nrwl/nx/pull/23249))
- **core:** show project --web shouldn't error ([#​23251](https://togithub.com/nrwl/nx/pull/23251))
- **core:** update getLastValueFromAsyncIterableIterator to support AsyncIterables returned from executors ([#​23229](https://togithub.com/nrwl/nx/pull/23229))
- **core:** include more binary extensions ([#​22788](https://togithub.com/nrwl/nx/pull/22788), [#​22861](https://togithub.com/nrwl/nx/pull/22861))
- **core:** workspace remove generator should handle no root jest config ([#​23328](https://togithub.com/nrwl/nx/pull/23328))
- **core:** addPlugin should not conflict on project.json targets ([#​23264](https://togithub.com/nrwl/nx/pull/23264))
- **core:** throw a specific error for print-affected and affected graph ([#​23336](https://togithub.com/nrwl/nx/pull/23336))
- **core:** properly indent command output with mixed line endings ([#​23321](https://togithub.com/nrwl/nx/pull/23321))
- **core:** read socket dir on demand & load .env files on client startup ([#​23348](https://togithub.com/nrwl/nx/pull/23348))
- **core:** not load env files when NX_LOAD_DOT_ENV_FILES is false ([#​23231](https://togithub.com/nrwl/nx/pull/23231))
- **core:** addPlugin should not conflict on project.json targ… ([#​23391](https://togithub.com/nrwl/nx/pull/23391))
- **core:** fix affected detection for inputs after named inputs ([#​23354](https://togithub.com/nrwl/nx/pull/23354))
- **core:** fix eslint --help command ([#​23274](https://togithub.com/nrwl/nx/pull/23274))
- **core:** copy native files to tmp file location instead of .nx/cache ([#​23375](https://togithub.com/nrwl/nx/pull/23375))
- **core:** retry interrupted errors when writing to stdout ([#​23359](https://togithub.com/nrwl/nx/pull/23359))
- **core:** do not add an ending new line when serializing a json ([#​23440](https://togithub.com/nrwl/nx/pull/23440))
- **core:** migrate should warn if package does not exist ([#​23317](https://togithub.com/nrwl/nx/pull/23317))
- **core:** azure ci workflow ([#​23453](https://togithub.com/nrwl/nx/pull/23453))
- **core:** only check for `err` in `handleWorkspaceChanges` ([#​23500](https://togithub.com/nrwl/nx/pull/23500))
- **core:** remove duplicate `js-yaml` packages ([f1ae1bc879](https://togithub.com/nrwl/nx/commit/f1ae1bc879))
- **core:** fix alias package parsing and pruning for npm ([#​23474](https://togithub.com/nrwl/nx/pull/23474))
- **core:** install packages per migration when creating commits ([#​23820](https://togithub.com/nrwl/nx/pull/23820))
- **core:** more helpful output for format:check --verbose ([#​23503](https://togithub.com/nrwl/nx/pull/23503))
- **core:** fix buildTargetFromScript takes a long time ([#​25209](https://togithub.com/nrwl/nx/pull/25209))
- **core:** cache getting the package manager to the module scope ([#​25992](https://togithub.com/nrwl/nx/pull/25992))
- **core:** use zkochan/js-yaml directly to avoid false audit errors ([#​25999](https://togithub.com/nrwl/nx/pull/25999))
- **core:** use current user when hashing native file & enable setting its directory via env ([#​24326](https://togithub.com/nrwl/nx/pull/24326))
- **devkit:** combineAsyncIterable should not be blocking when error occurs [#​21393](https://togithub.com/nrwl/nx/issues/21393) ([#​23400](https://togithub.com/nrwl/nx/pull/23400), [#​21393](https://togithub.com/nrwl/nx/issues/21393))
- **gradle:** use local gradlew instead of sdkman ([#​23205](https://togithub.com/nrwl/nx/pull/23205))
- **gradle:** run gradle init if no settings.gradle ([#​23226](https://togithub.com/nrwl/nx/pull/23226))
- **graph:** properly remove <base> tag when generating static graph file ([#​23399](https://togithub.com/nrwl/nx/pull/23399))
- **graph:** reload graph app only when hash changes in watch mode ([#​23434](https://togithub.com/nrwl/nx/pull/23434))
- **js:** Adds mjs files to prettierrcNameOptions ([#​21796](https://togithub.com/nrwl/nx/pull/21796))
- **js:** copy assets handler should correctly handle assets on windows ([#​23351](https://togithub.com/nrwl/nx/pull/23351))
- **js:** Respect loose option provided from config ([#​23406](https://togithub.com/nrwl/nx/pull/23406))
- **js:** fix update package.json ([#​21415](https://togithub.com/nrwl/nx/pull/21415))
- **js:** print warning when --generateLockfile is used with Bun rather than erroring out ([#​25158](https://togithub.com/nrwl/nx/pull/25158))
- **js:** export setup verdaccio generator ([#​24008](https://togithub.com/nrwl/nx/pull/24008))
- **js:** handle tsconfig file with no compilerOptions ([#​25966](https://togithub.com/nrwl/nx/pull/25966))
- **linter:** ensure config.rules is spread into rules in flat config migration ([#​23263](https://togithub.com/nrwl/nx/pull/23263))
- **linter:** ensure all spreads are removed from rules before parsing ([#​23292](https://togithub.com/nrwl/nx/pull/23292))
- **linter:** log transpilation errors of workspace rules ([#​21503](https://togithub.com/nrwl/nx/pull/21503))
- **linter:** rename languageSettings to languageOptions for flat config migration ([#​22924](https://togithub.com/nrwl/nx/pull/22924))
- **linter:** fix migrating projects with the eslint plugin ([#​23147](https://togithub.com/nrwl/nx/pull/23147))
- **linter:** support eslint v9 ([#​24632](https://togithub.com/nrwl/nx/pull/24632))
- **linter:** only set flat config env for eslint v9+ ([#​25189](https://togithub.com/nrwl/nx/pull/25189))
- **linter:** only depend on eslint v8 ([#​25938](https://togithub.com/nrwl/nx/pull/25938))
- **linter:** migrate no-extra-semi rules into user config, out of nx extendable configs ([#​26011](https://togithub.com/nrwl/nx/pull/26011))
- **linter:** move eslint to peerDependencies and allow eslint 9 ([#​26013](https://togithub.com/nrwl/nx/pull/26013))
- **misc:** create workspaces and default app with the name as provided ([#​23196](https://togithub.com/nrwl/nx/pull/23196))
- **misc:** adjust deprecation messages to v20 ([#​23223](https://togithub.com/nrwl/nx/pull/23223))
- **misc:** move e2e-ci to a separate parallel 1 command ([#​23305](https://togithub.com/nrwl/nx/pull/23305))
- **misc:** guard against failure to decode file in migration ([#​23069](https://togithub.com/nrwl/nx/pull/23069))
- **misc:** adjust npm keywords ([#​24743](https://togithub.com/nrwl/nx/pull/24743))
- **misc:** various inference plugins caching should track changes ([#​23315](https://togithub.com/nrwl/nx/pull/23315))
- **module-federation:** nested projects should be ordered first when reading from tsconfig paths [#​20284](https://togithub.com/nrwl/nx/issues/20284) ([#​23212](https://togithub.com/nrwl/nx/pull/23212), [#​20284](https://togithub.com/nrwl/nx/issues/20284))
- **module-federation:** Throw an error if remote is invalid ([#​23100](https://togithub.com/nrwl/nx/pull/23100))
- **nextjs:** Moving a library using [@​nx/workspace](https://togithub.com/nx/workspace):move should update … ([#​23311](https://togithub.com/nrwl/nx/pull/23311))
- **nextjs:** additional experimental HTTPS options ([#​23334](https://togithub.com/nrwl/nx/pull/23334))
- **node:** Docker generator should work ([#​23452](https://togithub.com/nrwl/nx/pull/23452))
- **nx-cloud:** ensure generated ci workflows use dlx for nx-cloud ([#​23333](https://togithub.com/nrwl/nx/pull/23333))
- **nx-dev:** fix home page mobile menu ([#​23250](https://togithub.com/nrwl/nx/pull/23250))
- **nx-dev:** move table of contents down ([#​23350](https://togithub.com/nrwl/nx/pull/23350))
- **react:** respect unitTestRunner passed to the generator ([#​23383](https://togithub.com/nrwl/nx/pull/23383))
- **react:** remote generator should update host's app routes ([#​23499](https://togithub.com/nrwl/nx/pull/23499))
- **react:** applications not using plugin usage should set target defaults ([#​23582](https://togithub.com/nrwl/nx/pull/23582))
- **react-native:** fix test-setup for react native/expo jest ([#​23314](https://togithub.com/nrwl/nx/pull/23314))
- **release:** ensure changelog renderers are resolvable when processing config ([#​23214](https://togithub.com/nrwl/nx/pull/23214))
- **release:** invalid tag for fixed groups without changes ([#​22800](https://togithub.com/nrwl/nx/pull/22800))
- **release:** npm publish error when file path contains spaces ([#​24750](https://togithub.com/nrwl/nx/pull/24750))
- **repo:** hash proper projects when nx ([#​23506](https://togithub.com/nrwl/nx/pull/23506))
- **storybook:** should handle inferred cypress when generating cypress project [#​21770](https://togithub.com/nrwl/nx/issues/21770) ([#​23327](https://togithub.com/nrwl/nx/pull/23327), [#​21770](https://togithub.com/nrwl/nx/issues/21770))
- **testing:** resolve absolute paths for ts path mappings in jest resolver ([#​23346](https://togithub.com/nrwl/nx/pull/23346))
- **testing:** ignore jest-sequencer- paths in jest resolver ([#​23396](https://togithub.com/nrwl/nx/pull/23396))
- **testing:** check for project eslint config file in cypress and pla… ([#​23401](https://togithub.com/nrwl/nx/pull/23401))
- **testing:** handle existing jest preset file correctly ([#​23437](https://togithub.com/nrwl/nx/pull/23437))
- **vite:** don't generate tasks for remix projects ([#​22551](https://togithub.com/nrwl/nx/pull/22551))
- **vite:** get tsconfig from new path including target ([#​22775](https://togithub.com/nrwl/nx/pull/22775))
- **vite:** support passing --watch to inferred vitest commands ([#​23298](https://togithub.com/nrwl/nx/pull/23298))
- **vite:** generate vitest cache dir scoped to each project root and normalize vite cache dir ([#​23330](https://togithub.com/nrwl/nx/pull/23330))
- **vite:** migration should handle config object correctly [#​20921](https://togithub.com/nrwl/nx/issues/20921) ([#​23364](https://togithub.com/nrwl/nx/pull/23364), [#​20921](https://togithub.com/nrwl/nx/issues/20921))
- **vite:** add prop to config to ensure output dir is emptied [#​23382](https://togithub.com/nrwl/nx/issues/23382) ([#​23466](https://togithub.com/nrwl/nx/pull/23466), [#​23382](https://togithub.com/nrwl/nx/issues/23382))
- **vue:** ootb unit testing should work with --routing [#​19921](https://togithub.com/nrwl/nx/issues/19921) ([#​23441](https://togithub.com/nrwl/nx/pull/23441), [#​19921](https://togithub.com/nrwl/nx/issues/19921))
- **web:** Add strict mode ([#​23457](https://togithub.com/nrwl/nx/pull/23457))
- **web:** Add strict mode" ([#​23472](https://togithub.com/nrwl/nx/pull/23472))
- **web:** Add strict mode for [@​nx/web](https://togithub.com/nx/web) ([#​23497](https://togithub.com/nrwl/nx/pull/23497))
- **webpack:** fix default compiler option ([#​22762](https://togithub.com/nrwl/nx/pull/22762))
- **webpack:** don't overwrite output config ([#​22116](https://togithub.com/nrwl/nx/pull/22116))
- **webpack:** publicPath and rebaseRootRelative ([#​20992](https://togithub.com/nrwl/nx/pull/20992))
- **webpack:** apply-base-config should initialize options it will set [#​23296](https://togithub.com/nrwl/nx/issues/23296) ([#​23368](https://togithub.com/nrwl/nx/pull/23368), [#​23296](https://togithub.com/nrwl/nx/issues/23296))
- **webpack:** only add entrypoints if they are intentionally injected [#​20049](https://togithub.com/nrwl/nx/issues/20049) ([#​23444](https://togithub.com/nrwl/nx/pull/23444), [#​20049](https://togithub.com/nrwl/nx/issues/20049))
##### ❤️ Thank You
- andriizavoiko [@​andriizavoiko](https://togithub.com/andriizavoiko)
- arekkubaczkowski [@​arekkubaczkowski](https://togithub.com/arekkubaczkowski)
- castleadmin [@​castleadmin](https://togithub.com/castleadmin)
- Colum Ferry [@​Coly010](https://togithub.com/Coly010)
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Daniel Santiago
- Denis Bendrikov
- dmcweeney
- Dmitry Zakharov [@​pumano](https://togithub.com/pumano)
- Edward Wang [@​wzc0415](https://togithub.com/wzc0415)
- Emily Xiong [@​xiongemi](https://togithub.com/xiongemi)
- Isaac Mann [@​isaacplmann](https://togithub.com/isaacplmann)
- Jack Hsu [@​jaysoo](https://togithub.com/jaysoo)
- James Henry [@​JamesHenry](https://togithub.com/JamesHenry)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Jonathan Cammisuli
- Jordan Hall [@​Jordan-Hall](https://togithub.com/Jordan-Hall)
- Katerina Skroumpelou [@​mandarini](https://togithub.com/mandarini)
- Krystian Sowiński [@​plumcoding](https://togithub.com/plumcoding)
- Leosvel Pérez Espinosa [@​leosvelperez](https://togithub.com/leosvelperez)
- Mateo Tibaquirá
- Matthias Stemmler [@​ms-tng](https://togithub.com/ms-tng)
- MaxKless [@​MaxKless](https://togithub.com/MaxKless)
- Mehrad Rafigh [@​mehrad-rafigh](https://togithub.com/mehrad-rafigh)
- Mike Peters
- Miroslav Jonaš [@​meeroslav](https://togithub.com/meeroslav)
- Nicholas Cunningham [@​ndcunningham](https://togithub.com/ndcunningham)
- Patrick P [@​ppfenning92](https://togithub.com/ppfenning92)
- Phillip Barta [@​Phillip9587](https://togithub.com/Phillip9587)
- Robin Csutorás
- Sean Sanker
- Younes Jaaidi
</details>
<details>
<summary>cloudflare/wrangler-action (cloudflare/wrangler-action)</summary>
### [`v3.6.1`](https://togithub.com/cloudflare/wrangler-action/releases/tag/v3.6.1)
[Compare Source](https://togithub.com/cloudflare/wrangler-action/compare/v3.6.0...v3.6.1)
##### Patch Changes
- [#​265](https://togithub.com/cloudflare/wrangler-action/pull/265) [`2d275a8f2d279dc91912c1ff8023af109ef3280c`](https://togithub.com/cloudflare/wrangler-action/commit/2d275a8f2d279dc91912c1ff8023af109ef3280c) Thanks [@​Maximo-Guk](https://togithub.com/Maximo-Guk)! - Reverts [#​235](https://togithub.com/cloudflare/wrangler-action/issues/235) which may have caused the latest version of wrangler to be installed, if no wrangler version was found
</details>
<details>
<summary>megahertz/electron-log (electron-log)</summary>
### [`v5.1.5`](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
[Compare Source](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
</details>
<details>
<summary>evanw/esbuild (esbuild)</summary>
### [`v0.21.4`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0214)
[Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.3...v0.21.4)
- Update support for import assertions and import attributes in node ([#​3778](https://togithub.com/evanw/esbuild/issues/3778))
Import assertions (the `assert` keyword) have been removed from node starting in v22.0.0. So esbuild will now strip them and generate a warning with `--target=node22` or above:
▲ [WARNING] The "assert" keyword is not supported in the configured target environment ("node22") [assert-to-with]
example.mjs:1:40:
1 │ import json from "esbuild/package.json" assert { type: "json" }
│ ~~~~~~
╵ with
Did you mean to use "with" instead of "assert"?
Import attributes (the `with` keyword) have been backported to node 18 starting in v18.20.0. So esbuild will no longer strip them with `--target=node18.N` if `N` is 20 or greater.
- Fix `for await` transform when a label is present
This release fixes a bug where the `for await` transform, which wraps the loop in a `try` statement, previously failed to also move the loop's label into the `try` statement. This bug only affects code that uses both of these features in combination. Here's an example of some affected code:
```js
// Original code
async function test() {
outer: for await (const x of [Promise.resolve([0, 1])]) {
for (const y of x) if (y) break outer
throw 'fail'
}
}
// Old output (with --target=es6)
function test() {
return __async(this, null, function* () {
outer: try {
for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
// New output (with --target=es6)
function test() {
return __async(this, null, function* () {
try {
outer: for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
```
- Do additional constant folding after cross-module enum inlining ([#​3416](https://togithub.com/evanw/esbuild/issues/3416), [#​3425](https://togithub.com/evanw/esbuild/issues/3425))
This release adds a few more cases where esbuild does constant folding after cross-module enum inlining.
```ts
// Original code: enum.ts
export enum Platform {
WINDOWS = 'windows',
MACOS = 'macos',
LINUX = 'linux',
}
// Original code: main.ts
import { Platform } from './enum';
declare const PLATFORM: string;
export function logPlatform() {
if (PLATFORM == Platform.WINDOWS) console.log('Windows');
else if (PLATFORM == Platform.MACOS) console.log('macOS');
else if (PLATFORM == Platform.LINUX) console.log('Linux');
else console.log('Other');
}
// Old output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){"windows"=="macos"?console.log("Windows"):"macos"=="macos"?console.log("macOS"):"linux"=="macos"?console.log("Linux"):console.log("Other")}export{n as logPlatform};
// New output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){console.log("macOS")}export{n as logPlatform};
```
- Pass import attributes to on-resolve plugins ([#​3384](https://togithub.com/evanw/esbuild/issues/3384), [#​3639](https://togithub.com/evanw/esbuild/issues/3639), [#​3646](https://togithub.com/evanw/esbuild/issues/3646))
With this release, on-resolve plugins will now have access to the import attributes on the import via the `with` property of the arguments object. This mirrors the `with` property of the arguments object that's already passed to on-load plugins. In addition, you can now pass `with` to the `resolve()` API call which will then forward that value on to all relevant plugins. Here's an example of a plugin that can now be written:
```js
const examplePlugin = {
name: 'Example plugin',
setup(build) {
build.onResolve({ filter: /.*/ }, args => {
if (args.with.type === 'external')
return { external: true }
})
}
}
require('esbuild').build({
stdin: {
contents: `
import foo from "./foo" with { type: "external" }
foo()
`,
},
bundle: true,
format: 'esm',
write: false,
plugins: [examplePlugin],
}).then(result => {
console.log(result.outputFiles[0].text)
})
```
- Formatting support for the `@position-try` rule ([#​3773](https://togithub.com/evanw/esbuild/issues/3773))
Chrome shipped this new CSS at-rule in version 125 as part of the [CSS anchor positioning API](https://developer.chrome.com/blog/anchor-positioning-api). With this release, esbuild now knows to expect a declaration list inside of the `@position-try` body block and will format it appropriately.
- Always allow internal string import and export aliases ([#​3343](https://togithub.com/evanw/esbuild/issues/3343))
Import and export names can be string literals in ES2022+. Previously esbuild forbid any usage of these aliases when the target was below ES2022. Starting with this release, esbuild will only forbid such usage when the alias would otherwise end up in output as a string literal. String literal aliases that are only used internally in the bundle and are "compiled away" are no longer errors. This makes it possible to use string literal aliases with esbuild's `inject` feature even when the target is earlier than ES2022.
</details>
<details>
<summary>okonet/lint-staged (lint-staged)</summary>
### [`v15.2.5`](https://togithub.com/okonet/lint-staged/blob/HEAD/CHANGELOG.md#1525)
[Compare Source](https://togithub.com/okonet/lint-staged/compare/v15.2.4...v15.2.5)
##### Patch Changes
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`31a1f95`](https://togithub.com/lint-staged/lint-staged/commit/31a1f9548ea8202bc5bd718076711f747396e3ca) Thanks [@​iiroj](https://togithub.com/iiroj)! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.
- [#​1423](https://togithub.com/lint-staged/lint-staged/pull/1423) [`91abea0`](https://togithub.com/lint-staged/lint-staged/commit/91abea0d298154d92113ba34bae4020704e22918) Thanks [@​iiroj](https://togithub.com/iiroj)! - Improve error logging when failing to read or parse a configuration file
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`ee43f15`](https://togithub.com/lint-staged/lint-staged/commit/ee43f154097753dd5448766f792387e60e0ea453) Thanks [@​iiroj](https://togithub.com/iiroj)! - Upgrade micromatch@4.0.7
</details>
<details>
<summary>remy/nodemon (nodemon)</summary>
### [`v3.1.1`](https://togithub.com/remy/nodemon/releases/tag/v3.1.1)
[Compare Source](https://togithub.com/remy/nodemon/compare/v3.1.0...v3.1.1)
##### Bug Fixes
- add types to help with required nodemon usage ([#​2204](https://togithub.com/remy/nodemon/issues/2204)) ([cd27c0b](https://togithub.com/remy/nodemon/commit/cd27c0b50584e078a10338ef0c37282255f3f9ca))
</details>
<details>
<summary>Amanieu/parking_lot (parking_lot)</summary>
### [`v0.12.3`](https://togithub.com/Amanieu/parking_lot/blob/HEAD/CHANGELOG.md#parkinglot-0123-2024-05-24)
[Compare Source](https://togithub.com/Amanieu/parking_lot/compare/0.12.2...0.12.3)
- Export types provided by arc_lock feature ([#​442](https://togithub.com/Amanieu/parking_lot/issues/442))
</details>
<details>
<summary>petyosi/react-virtuoso (react-virtuoso)</summary>
### [`v4.7.11`](https://togithub.com/petyosi/react-virtuoso/releases/tag/v4.7.11)
[Compare Source](https://togithub.com/petyosi/react-virtuoso/compare/v4.7.10...v4.7.11)
##### Bug Fixes
- update initialTopMostItemIndex type in TableVirtuoso interface ([#​1091](https://togithub.com/petyosi/react-virtuoso/issues/1091)) ([9a93e93](https://togithub.com/petyosi/react-virtuoso/commit/9a93e93dcbe5c02ad61dbd87d5e0c27251a583c6))
</details>
<details>
<summary>serde-rs/serde (serde)</summary>
### [`v1.0.203`](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
[Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->
2024-05-27 08:33:12 +03:00
|
|
|
version = "0.12.3"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7059)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@nx/vite](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/vite)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/@nx%2fvite/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@nx%2fvite/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nx%2fvite/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [cloudflare/wrangler-action](https://togithub.com/cloudflare/wrangler-action) | `v3.6.0` -> `v3.6.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/cloudflare%2fwrangler-action/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/cloudflare%2fwrangler-action/v3.6.0/v3.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch |
| [electron-log](https://togithub.com/megahertz/electron-log) | [`5.1.4` -> `5.1.5`](https://renovatebot.com/diffs/npm/electron-log/5.1.4/5.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron-log/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-log/5.1.4/5.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [esbuild](https://togithub.com/evanw/esbuild) | [`0.21.3` -> `0.21.4`](https://renovatebot.com/diffs/npm/esbuild/0.21.3/0.21.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.21.3/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [lint-staged](https://togithub.com/okonet/lint-staged) | [`15.2.4` -> `15.2.5`](https://renovatebot.com/diffs/npm/lint-staged/15.2.4/15.2.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lint-staged/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lint-staged/15.2.4/15.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nodemon](https://nodemon.io) ([source](https://togithub.com/remy/nodemon)) | [`3.1.0` -> `3.1.1`](https://renovatebot.com/diffs/npm/nodemon/3.1.0/3.1.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nodemon/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nodemon/3.1.0/3.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [nx](https://nx.dev) ([source](https://togithub.com/nrwl/nx/tree/HEAD/packages/nx)) | [`19.0.8` -> `19.1.0`](https://renovatebot.com/diffs/npm/nx/19.0.8/19.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nx/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nx/19.0.8/19.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [parking_lot](https://togithub.com/Amanieu/parking_lot) | `0.12.2` -> `0.12.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/parking_lot/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/parking_lot/0.12.2/0.12.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [react-virtuoso](https://virtuoso.dev/) ([source](https://togithub.com/petyosi/react-virtuoso)) | [`4.7.10` -> `4.7.11`](https://renovatebot.com/diffs/npm/react-virtuoso/4.7.10/4.7.11) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-virtuoso/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-virtuoso/4.7.10/4.7.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.202` -> `1.0.203` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.202/1.0.203?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
---
### Release Notes
<details>
<summary>nrwl/nx (@​nx/vite)</summary>
### [`v19.1.0`](https://togithub.com/nrwl/nx/releases/tag/19.1.0)
[Compare Source](https://togithub.com/nrwl/nx/compare/19.0.8...19.1.0)
##### 19.1.0 (2024-05-24)
##### 🚀 Features
- **angular:** support angular 18.0.0 ([#​22509](https://togithub.com/nrwl/nx/pull/22509))
- **bundling:** added support for declarations (\*.d.ts) ([#​21084](https://togithub.com/nrwl/nx/pull/21084))
- **core:** add an option to seperate the output of show with provide… ([#​23172](https://togithub.com/nrwl/nx/pull/23172))
- **core:** support finding matching projects with only negative patterns ([#​22743](https://togithub.com/nrwl/nx/pull/22743))
- **core:** default show to web view when in interactive terminal ([#​23358](https://togithub.com/nrwl/nx/pull/23358))
- **core:** resolve nx migrate target version against registry ([#​23450](https://togithub.com/nrwl/nx/pull/23450))
- **core:** allow executor definition to point to another executor ([#​23576](https://togithub.com/nrwl/nx/pull/23576))
- **core:** add bun package manager ([#​22602](https://togithub.com/nrwl/nx/pull/22602))
- **graph:** change gradle and nextjs svg ([#​23201](https://togithub.com/nrwl/nx/pull/23201))
- **graph:** show script content in header ([#​23257](https://togithub.com/nrwl/nx/pull/23257))
- **misc:** improve nx cloud setup prompts and messaging ([#​23218](https://togithub.com/nrwl/nx/pull/23218))
- **module-federation:** add remote configuration override ([#​19694](https://togithub.com/nrwl/nx/pull/19694))
- **nextjs:** Update Next & Tailwindcss Package ([#​23313](https://togithub.com/nrwl/nx/pull/23313))
- **nx-dev:** show banner on documentation pages ([#​23266](https://togithub.com/nrwl/nx/pull/23266))
- **nx-dev:** check for missing images ([#​23248](https://togithub.com/nrwl/nx/pull/23248))
- **nx-dev:** put banner above menu ([#​23335](https://togithub.com/nrwl/nx/pull/23335))
- **nx-dev:** Add more blogs ([#​25939](https://togithub.com/nrwl/nx/pull/25939))
- **react:** Add SvgOptions for NxReactWebpackPlugin and WithNx ([#​23283](https://togithub.com/nrwl/nx/pull/23283))
- **react-native:** add optional syncDeps param to storybook executor ([#​22032](https://togithub.com/nrwl/nx/pull/22032))
- **release:** updateDependents generator option for versioning, support circular dependencies ([#​23252](https://togithub.com/nrwl/nx/pull/23252))
- **testing:** updates cypress and [@​cypress/webpack-dev-server](https://togithub.com/cypress/webpack-dev-server) ([#​22902](https://togithub.com/nrwl/nx/pull/22902))
- **testing:** remove --watch=false from inferred vitest targets to keep things inlined with vitest recommendations ([#​25975](https://togithub.com/nrwl/nx/pull/25975))
- **vite:** support incremental builds with nxViteTsPaths ([#​23908](https://togithub.com/nrwl/nx/pull/23908))
##### 🩹 Fixes
- **angular:** libraries should not contain tslib by default [#​21023](https://togithub.com/nrwl/nx/issues/21023) ([#​23423](https://togithub.com/nrwl/nx/pull/23423), [#​21023](https://togithub.com/nrwl/nx/issues/21023))
- **angular:** [@​angular/core](https://togithub.com/angular/core) should always be provided as a shared package [#​19121](https://togithub.com/nrwl/nx/issues/19121) ([#​23464](https://togithub.com/nrwl/nx/pull/23464), [#​19121](https://togithub.com/nrwl/nx/issues/19121))
- **bundling:** rollup does not log build errors ([#​23141](https://togithub.com/nrwl/nx/pull/23141))
- **bundling:** resolve index files from ts paths when running esbuild without bundling ([#​23098](https://togithub.com/nrwl/nx/pull/23098))
- **core:** set yarn berry nodeLinker correctly in migrate command ([#​23249](https://togithub.com/nrwl/nx/pull/23249))
- **core:** show project --web shouldn't error ([#​23251](https://togithub.com/nrwl/nx/pull/23251))
- **core:** update getLastValueFromAsyncIterableIterator to support AsyncIterables returned from executors ([#​23229](https://togithub.com/nrwl/nx/pull/23229))
- **core:** include more binary extensions ([#​22788](https://togithub.com/nrwl/nx/pull/22788), [#​22861](https://togithub.com/nrwl/nx/pull/22861))
- **core:** workspace remove generator should handle no root jest config ([#​23328](https://togithub.com/nrwl/nx/pull/23328))
- **core:** addPlugin should not conflict on project.json targets ([#​23264](https://togithub.com/nrwl/nx/pull/23264))
- **core:** throw a specific error for print-affected and affected graph ([#​23336](https://togithub.com/nrwl/nx/pull/23336))
- **core:** properly indent command output with mixed line endings ([#​23321](https://togithub.com/nrwl/nx/pull/23321))
- **core:** read socket dir on demand & load .env files on client startup ([#​23348](https://togithub.com/nrwl/nx/pull/23348))
- **core:** not load env files when NX_LOAD_DOT_ENV_FILES is false ([#​23231](https://togithub.com/nrwl/nx/pull/23231))
- **core:** addPlugin should not conflict on project.json targ… ([#​23391](https://togithub.com/nrwl/nx/pull/23391))
- **core:** fix affected detection for inputs after named inputs ([#​23354](https://togithub.com/nrwl/nx/pull/23354))
- **core:** fix eslint --help command ([#​23274](https://togithub.com/nrwl/nx/pull/23274))
- **core:** copy native files to tmp file location instead of .nx/cache ([#​23375](https://togithub.com/nrwl/nx/pull/23375))
- **core:** retry interrupted errors when writing to stdout ([#​23359](https://togithub.com/nrwl/nx/pull/23359))
- **core:** do not add an ending new line when serializing a json ([#​23440](https://togithub.com/nrwl/nx/pull/23440))
- **core:** migrate should warn if package does not exist ([#​23317](https://togithub.com/nrwl/nx/pull/23317))
- **core:** azure ci workflow ([#​23453](https://togithub.com/nrwl/nx/pull/23453))
- **core:** only check for `err` in `handleWorkspaceChanges` ([#​23500](https://togithub.com/nrwl/nx/pull/23500))
- **core:** remove duplicate `js-yaml` packages ([f1ae1bc879](https://togithub.com/nrwl/nx/commit/f1ae1bc879))
- **core:** fix alias package parsing and pruning for npm ([#​23474](https://togithub.com/nrwl/nx/pull/23474))
- **core:** install packages per migration when creating commits ([#​23820](https://togithub.com/nrwl/nx/pull/23820))
- **core:** more helpful output for format:check --verbose ([#​23503](https://togithub.com/nrwl/nx/pull/23503))
- **core:** fix buildTargetFromScript takes a long time ([#​25209](https://togithub.com/nrwl/nx/pull/25209))
- **core:** cache getting the package manager to the module scope ([#​25992](https://togithub.com/nrwl/nx/pull/25992))
- **core:** use zkochan/js-yaml directly to avoid false audit errors ([#​25999](https://togithub.com/nrwl/nx/pull/25999))
- **core:** use current user when hashing native file & enable setting its directory via env ([#​24326](https://togithub.com/nrwl/nx/pull/24326))
- **devkit:** combineAsyncIterable should not be blocking when error occurs [#​21393](https://togithub.com/nrwl/nx/issues/21393) ([#​23400](https://togithub.com/nrwl/nx/pull/23400), [#​21393](https://togithub.com/nrwl/nx/issues/21393))
- **gradle:** use local gradlew instead of sdkman ([#​23205](https://togithub.com/nrwl/nx/pull/23205))
- **gradle:** run gradle init if no settings.gradle ([#​23226](https://togithub.com/nrwl/nx/pull/23226))
- **graph:** properly remove <base> tag when generating static graph file ([#​23399](https://togithub.com/nrwl/nx/pull/23399))
- **graph:** reload graph app only when hash changes in watch mode ([#​23434](https://togithub.com/nrwl/nx/pull/23434))
- **js:** Adds mjs files to prettierrcNameOptions ([#​21796](https://togithub.com/nrwl/nx/pull/21796))
- **js:** copy assets handler should correctly handle assets on windows ([#​23351](https://togithub.com/nrwl/nx/pull/23351))
- **js:** Respect loose option provided from config ([#​23406](https://togithub.com/nrwl/nx/pull/23406))
- **js:** fix update package.json ([#​21415](https://togithub.com/nrwl/nx/pull/21415))
- **js:** print warning when --generateLockfile is used with Bun rather than erroring out ([#​25158](https://togithub.com/nrwl/nx/pull/25158))
- **js:** export setup verdaccio generator ([#​24008](https://togithub.com/nrwl/nx/pull/24008))
- **js:** handle tsconfig file with no compilerOptions ([#​25966](https://togithub.com/nrwl/nx/pull/25966))
- **linter:** ensure config.rules is spread into rules in flat config migration ([#​23263](https://togithub.com/nrwl/nx/pull/23263))
- **linter:** ensure all spreads are removed from rules before parsing ([#​23292](https://togithub.com/nrwl/nx/pull/23292))
- **linter:** log transpilation errors of workspace rules ([#​21503](https://togithub.com/nrwl/nx/pull/21503))
- **linter:** rename languageSettings to languageOptions for flat config migration ([#​22924](https://togithub.com/nrwl/nx/pull/22924))
- **linter:** fix migrating projects with the eslint plugin ([#​23147](https://togithub.com/nrwl/nx/pull/23147))
- **linter:** support eslint v9 ([#​24632](https://togithub.com/nrwl/nx/pull/24632))
- **linter:** only set flat config env for eslint v9+ ([#​25189](https://togithub.com/nrwl/nx/pull/25189))
- **linter:** only depend on eslint v8 ([#​25938](https://togithub.com/nrwl/nx/pull/25938))
- **linter:** migrate no-extra-semi rules into user config, out of nx extendable configs ([#​26011](https://togithub.com/nrwl/nx/pull/26011))
- **linter:** move eslint to peerDependencies and allow eslint 9 ([#​26013](https://togithub.com/nrwl/nx/pull/26013))
- **misc:** create workspaces and default app with the name as provided ([#​23196](https://togithub.com/nrwl/nx/pull/23196))
- **misc:** adjust deprecation messages to v20 ([#​23223](https://togithub.com/nrwl/nx/pull/23223))
- **misc:** move e2e-ci to a separate parallel 1 command ([#​23305](https://togithub.com/nrwl/nx/pull/23305))
- **misc:** guard against failure to decode file in migration ([#​23069](https://togithub.com/nrwl/nx/pull/23069))
- **misc:** adjust npm keywords ([#​24743](https://togithub.com/nrwl/nx/pull/24743))
- **misc:** various inference plugins caching should track changes ([#​23315](https://togithub.com/nrwl/nx/pull/23315))
- **module-federation:** nested projects should be ordered first when reading from tsconfig paths [#​20284](https://togithub.com/nrwl/nx/issues/20284) ([#​23212](https://togithub.com/nrwl/nx/pull/23212), [#​20284](https://togithub.com/nrwl/nx/issues/20284))
- **module-federation:** Throw an error if remote is invalid ([#​23100](https://togithub.com/nrwl/nx/pull/23100))
- **nextjs:** Moving a library using [@​nx/workspace](https://togithub.com/nx/workspace):move should update … ([#​23311](https://togithub.com/nrwl/nx/pull/23311))
- **nextjs:** additional experimental HTTPS options ([#​23334](https://togithub.com/nrwl/nx/pull/23334))
- **node:** Docker generator should work ([#​23452](https://togithub.com/nrwl/nx/pull/23452))
- **nx-cloud:** ensure generated ci workflows use dlx for nx-cloud ([#​23333](https://togithub.com/nrwl/nx/pull/23333))
- **nx-dev:** fix home page mobile menu ([#​23250](https://togithub.com/nrwl/nx/pull/23250))
- **nx-dev:** move table of contents down ([#​23350](https://togithub.com/nrwl/nx/pull/23350))
- **react:** respect unitTestRunner passed to the generator ([#​23383](https://togithub.com/nrwl/nx/pull/23383))
- **react:** remote generator should update host's app routes ([#​23499](https://togithub.com/nrwl/nx/pull/23499))
- **react:** applications not using plugin usage should set target defaults ([#​23582](https://togithub.com/nrwl/nx/pull/23582))
- **react-native:** fix test-setup for react native/expo jest ([#​23314](https://togithub.com/nrwl/nx/pull/23314))
- **release:** ensure changelog renderers are resolvable when processing config ([#​23214](https://togithub.com/nrwl/nx/pull/23214))
- **release:** invalid tag for fixed groups without changes ([#​22800](https://togithub.com/nrwl/nx/pull/22800))
- **release:** npm publish error when file path contains spaces ([#​24750](https://togithub.com/nrwl/nx/pull/24750))
- **repo:** hash proper projects when nx ([#​23506](https://togithub.com/nrwl/nx/pull/23506))
- **storybook:** should handle inferred cypress when generating cypress project [#​21770](https://togithub.com/nrwl/nx/issues/21770) ([#​23327](https://togithub.com/nrwl/nx/pull/23327), [#​21770](https://togithub.com/nrwl/nx/issues/21770))
- **testing:** resolve absolute paths for ts path mappings in jest resolver ([#​23346](https://togithub.com/nrwl/nx/pull/23346))
- **testing:** ignore jest-sequencer- paths in jest resolver ([#​23396](https://togithub.com/nrwl/nx/pull/23396))
- **testing:** check for project eslint config file in cypress and pla… ([#​23401](https://togithub.com/nrwl/nx/pull/23401))
- **testing:** handle existing jest preset file correctly ([#​23437](https://togithub.com/nrwl/nx/pull/23437))
- **vite:** don't generate tasks for remix projects ([#​22551](https://togithub.com/nrwl/nx/pull/22551))
- **vite:** get tsconfig from new path including target ([#​22775](https://togithub.com/nrwl/nx/pull/22775))
- **vite:** support passing --watch to inferred vitest commands ([#​23298](https://togithub.com/nrwl/nx/pull/23298))
- **vite:** generate vitest cache dir scoped to each project root and normalize vite cache dir ([#​23330](https://togithub.com/nrwl/nx/pull/23330))
- **vite:** migration should handle config object correctly [#​20921](https://togithub.com/nrwl/nx/issues/20921) ([#​23364](https://togithub.com/nrwl/nx/pull/23364), [#​20921](https://togithub.com/nrwl/nx/issues/20921))
- **vite:** add prop to config to ensure output dir is emptied [#​23382](https://togithub.com/nrwl/nx/issues/23382) ([#​23466](https://togithub.com/nrwl/nx/pull/23466), [#​23382](https://togithub.com/nrwl/nx/issues/23382))
- **vue:** ootb unit testing should work with --routing [#​19921](https://togithub.com/nrwl/nx/issues/19921) ([#​23441](https://togithub.com/nrwl/nx/pull/23441), [#​19921](https://togithub.com/nrwl/nx/issues/19921))
- **web:** Add strict mode ([#​23457](https://togithub.com/nrwl/nx/pull/23457))
- **web:** Add strict mode" ([#​23472](https://togithub.com/nrwl/nx/pull/23472))
- **web:** Add strict mode for [@​nx/web](https://togithub.com/nx/web) ([#​23497](https://togithub.com/nrwl/nx/pull/23497))
- **webpack:** fix default compiler option ([#​22762](https://togithub.com/nrwl/nx/pull/22762))
- **webpack:** don't overwrite output config ([#​22116](https://togithub.com/nrwl/nx/pull/22116))
- **webpack:** publicPath and rebaseRootRelative ([#​20992](https://togithub.com/nrwl/nx/pull/20992))
- **webpack:** apply-base-config should initialize options it will set [#​23296](https://togithub.com/nrwl/nx/issues/23296) ([#​23368](https://togithub.com/nrwl/nx/pull/23368), [#​23296](https://togithub.com/nrwl/nx/issues/23296))
- **webpack:** only add entrypoints if they are intentionally injected [#​20049](https://togithub.com/nrwl/nx/issues/20049) ([#​23444](https://togithub.com/nrwl/nx/pull/23444), [#​20049](https://togithub.com/nrwl/nx/issues/20049))
##### ❤️ Thank You
- andriizavoiko [@​andriizavoiko](https://togithub.com/andriizavoiko)
- arekkubaczkowski [@​arekkubaczkowski](https://togithub.com/arekkubaczkowski)
- castleadmin [@​castleadmin](https://togithub.com/castleadmin)
- Colum Ferry [@​Coly010](https://togithub.com/Coly010)
- Craigory Coppola [@​AgentEnder](https://togithub.com/AgentEnder)
- Daniel Santiago
- Denis Bendrikov
- dmcweeney
- Dmitry Zakharov [@​pumano](https://togithub.com/pumano)
- Edward Wang [@​wzc0415](https://togithub.com/wzc0415)
- Emily Xiong [@​xiongemi](https://togithub.com/xiongemi)
- Isaac Mann [@​isaacplmann](https://togithub.com/isaacplmann)
- Jack Hsu [@​jaysoo](https://togithub.com/jaysoo)
- James Henry [@​JamesHenry](https://togithub.com/JamesHenry)
- Jason Jean [@​FrozenPandaz](https://togithub.com/FrozenPandaz)
- Jonathan Cammisuli
- Jordan Hall [@​Jordan-Hall](https://togithub.com/Jordan-Hall)
- Katerina Skroumpelou [@​mandarini](https://togithub.com/mandarini)
- Krystian Sowiński [@​plumcoding](https://togithub.com/plumcoding)
- Leosvel Pérez Espinosa [@​leosvelperez](https://togithub.com/leosvelperez)
- Mateo Tibaquirá
- Matthias Stemmler [@​ms-tng](https://togithub.com/ms-tng)
- MaxKless [@​MaxKless](https://togithub.com/MaxKless)
- Mehrad Rafigh [@​mehrad-rafigh](https://togithub.com/mehrad-rafigh)
- Mike Peters
- Miroslav Jonaš [@​meeroslav](https://togithub.com/meeroslav)
- Nicholas Cunningham [@​ndcunningham](https://togithub.com/ndcunningham)
- Patrick P [@​ppfenning92](https://togithub.com/ppfenning92)
- Phillip Barta [@​Phillip9587](https://togithub.com/Phillip9587)
- Robin Csutorás
- Sean Sanker
- Younes Jaaidi
</details>
<details>
<summary>cloudflare/wrangler-action (cloudflare/wrangler-action)</summary>
### [`v3.6.1`](https://togithub.com/cloudflare/wrangler-action/releases/tag/v3.6.1)
[Compare Source](https://togithub.com/cloudflare/wrangler-action/compare/v3.6.0...v3.6.1)
##### Patch Changes
- [#​265](https://togithub.com/cloudflare/wrangler-action/pull/265) [`2d275a8f2d279dc91912c1ff8023af109ef3280c`](https://togithub.com/cloudflare/wrangler-action/commit/2d275a8f2d279dc91912c1ff8023af109ef3280c) Thanks [@​Maximo-Guk](https://togithub.com/Maximo-Guk)! - Reverts [#​235](https://togithub.com/cloudflare/wrangler-action/issues/235) which may have caused the latest version of wrangler to be installed, if no wrangler version was found
</details>
<details>
<summary>megahertz/electron-log (electron-log)</summary>
### [`v5.1.5`](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
[Compare Source](https://togithub.com/megahertz/electron-log/compare/v5.1.4...v5.1.5)
</details>
<details>
<summary>evanw/esbuild (esbuild)</summary>
### [`v0.21.4`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0214)
[Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.3...v0.21.4)
- Update support for import assertions and import attributes in node ([#​3778](https://togithub.com/evanw/esbuild/issues/3778))
Import assertions (the `assert` keyword) have been removed from node starting in v22.0.0. So esbuild will now strip them and generate a warning with `--target=node22` or above:
▲ [WARNING] The "assert" keyword is not supported in the configured target environment ("node22") [assert-to-with]
example.mjs:1:40:
1 │ import json from "esbuild/package.json" assert { type: "json" }
│ ~~~~~~
╵ with
Did you mean to use "with" instead of "assert"?
Import attributes (the `with` keyword) have been backported to node 18 starting in v18.20.0. So esbuild will no longer strip them with `--target=node18.N` if `N` is 20 or greater.
- Fix `for await` transform when a label is present
This release fixes a bug where the `for await` transform, which wraps the loop in a `try` statement, previously failed to also move the loop's label into the `try` statement. This bug only affects code that uses both of these features in combination. Here's an example of some affected code:
```js
// Original code
async function test() {
outer: for await (const x of [Promise.resolve([0, 1])]) {
for (const y of x) if (y) break outer
throw 'fail'
}
}
// Old output (with --target=es6)
function test() {
return __async(this, null, function* () {
outer: try {
for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
// New output (with --target=es6)
function test() {
return __async(this, null, function* () {
try {
outer: for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) {
const x = temp.value;
for (const y of x) if (y) break outer;
throw "fail";
}
} catch (temp) {
error = [temp];
} finally {
try {
more && (temp = iter.return) && (yield temp.call(iter));
} finally {
if (error)
throw error[0];
}
}
});
}
```
- Do additional constant folding after cross-module enum inlining ([#​3416](https://togithub.com/evanw/esbuild/issues/3416), [#​3425](https://togithub.com/evanw/esbuild/issues/3425))
This release adds a few more cases where esbuild does constant folding after cross-module enum inlining.
```ts
// Original code: enum.ts
export enum Platform {
WINDOWS = 'windows',
MACOS = 'macos',
LINUX = 'linux',
}
// Original code: main.ts
import { Platform } from './enum';
declare const PLATFORM: string;
export function logPlatform() {
if (PLATFORM == Platform.WINDOWS) console.log('Windows');
else if (PLATFORM == Platform.MACOS) console.log('macOS');
else if (PLATFORM == Platform.LINUX) console.log('Linux');
else console.log('Other');
}
// Old output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){"windows"=="macos"?console.log("Windows"):"macos"=="macos"?console.log("macOS"):"linux"=="macos"?console.log("Linux"):console.log("Other")}export{n as logPlatform};
// New output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm)
function n(){console.log("macOS")}export{n as logPlatform};
```
- Pass import attributes to on-resolve plugins ([#​3384](https://togithub.com/evanw/esbuild/issues/3384), [#​3639](https://togithub.com/evanw/esbuild/issues/3639), [#​3646](https://togithub.com/evanw/esbuild/issues/3646))
With this release, on-resolve plugins will now have access to the import attributes on the import via the `with` property of the arguments object. This mirrors the `with` property of the arguments object that's already passed to on-load plugins. In addition, you can now pass `with` to the `resolve()` API call which will then forward that value on to all relevant plugins. Here's an example of a plugin that can now be written:
```js
const examplePlugin = {
name: 'Example plugin',
setup(build) {
build.onResolve({ filter: /.*/ }, args => {
if (args.with.type === 'external')
return { external: true }
})
}
}
require('esbuild').build({
stdin: {
contents: `
import foo from "./foo" with { type: "external" }
foo()
`,
},
bundle: true,
format: 'esm',
write: false,
plugins: [examplePlugin],
}).then(result => {
console.log(result.outputFiles[0].text)
})
```
- Formatting support for the `@position-try` rule ([#​3773](https://togithub.com/evanw/esbuild/issues/3773))
Chrome shipped this new CSS at-rule in version 125 as part of the [CSS anchor positioning API](https://developer.chrome.com/blog/anchor-positioning-api). With this release, esbuild now knows to expect a declaration list inside of the `@position-try` body block and will format it appropriately.
- Always allow internal string import and export aliases ([#​3343](https://togithub.com/evanw/esbuild/issues/3343))
Import and export names can be string literals in ES2022+. Previously esbuild forbid any usage of these aliases when the target was below ES2022. Starting with this release, esbuild will only forbid such usage when the alias would otherwise end up in output as a string literal. String literal aliases that are only used internally in the bundle and are "compiled away" are no longer errors. This makes it possible to use string literal aliases with esbuild's `inject` feature even when the target is earlier than ES2022.
</details>
<details>
<summary>okonet/lint-staged (lint-staged)</summary>
### [`v15.2.5`](https://togithub.com/okonet/lint-staged/blob/HEAD/CHANGELOG.md#1525)
[Compare Source](https://togithub.com/okonet/lint-staged/compare/v15.2.4...v15.2.5)
##### Patch Changes
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`31a1f95`](https://togithub.com/lint-staged/lint-staged/commit/31a1f9548ea8202bc5bd718076711f747396e3ca) Thanks [@​iiroj](https://togithub.com/iiroj)! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.
- [#​1423](https://togithub.com/lint-staged/lint-staged/pull/1423) [`91abea0`](https://togithub.com/lint-staged/lint-staged/commit/91abea0d298154d92113ba34bae4020704e22918) Thanks [@​iiroj](https://togithub.com/iiroj)! - Improve error logging when failing to read or parse a configuration file
- [#​1424](https://togithub.com/lint-staged/lint-staged/pull/1424) [`ee43f15`](https://togithub.com/lint-staged/lint-staged/commit/ee43f154097753dd5448766f792387e60e0ea453) Thanks [@​iiroj](https://togithub.com/iiroj)! - Upgrade micromatch@4.0.7
</details>
<details>
<summary>remy/nodemon (nodemon)</summary>
### [`v3.1.1`](https://togithub.com/remy/nodemon/releases/tag/v3.1.1)
[Compare Source](https://togithub.com/remy/nodemon/compare/v3.1.0...v3.1.1)
##### Bug Fixes
- add types to help with required nodemon usage ([#​2204](https://togithub.com/remy/nodemon/issues/2204)) ([cd27c0b](https://togithub.com/remy/nodemon/commit/cd27c0b50584e078a10338ef0c37282255f3f9ca))
</details>
<details>
<summary>Amanieu/parking_lot (parking_lot)</summary>
### [`v0.12.3`](https://togithub.com/Amanieu/parking_lot/blob/HEAD/CHANGELOG.md#parkinglot-0123-2024-05-24)
[Compare Source](https://togithub.com/Amanieu/parking_lot/compare/0.12.2...0.12.3)
- Export types provided by arc_lock feature ([#​442](https://togithub.com/Amanieu/parking_lot/issues/442))
</details>
<details>
<summary>petyosi/react-virtuoso (react-virtuoso)</summary>
### [`v4.7.11`](https://togithub.com/petyosi/react-virtuoso/releases/tag/v4.7.11)
[Compare Source](https://togithub.com/petyosi/react-virtuoso/compare/v4.7.10...v4.7.11)
##### Bug Fixes
- update initialTopMostItemIndex type in TableVirtuoso interface ([#​1091](https://togithub.com/petyosi/react-virtuoso/issues/1091)) ([9a93e93](https://togithub.com/petyosi/react-virtuoso/commit/9a93e93dcbe5c02ad61dbd87d5e0c27251a583c6))
</details>
<details>
<summary>serde-rs/serde (serde)</summary>
### [`v1.0.203`](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
[Compare Source](https://togithub.com/serde-rs/serde/compare/v1.0.202...v1.0.203)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->
2024-05-27 08:33:12 +03:00
|
|
|
checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"lock_api",
|
|
|
|
"parking_lot_core",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "parking_lot_core"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.9.10"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"libc",
|
2024-09-03 10:42:54 +03:00
|
|
|
"redox_syscall",
|
2023-08-29 13:07:05 +03:00
|
|
|
"smallvec",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "paste"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.0.15"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pem-rfc7468"
|
|
|
|
version = "0.7.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
|
|
|
|
dependencies = [
|
|
|
|
"base64ct",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "percent-encoding"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.3.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pin-project-lite"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.2.15"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pin-utils"
|
|
|
|
version = "0.1.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "pkcs1"
|
|
|
|
version = "0.7.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
|
|
|
|
dependencies = [
|
|
|
|
"der",
|
|
|
|
"pkcs8",
|
|
|
|
"spki",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pkcs8"
|
|
|
|
version = "0.10.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
|
|
|
|
dependencies = [
|
|
|
|
"der",
|
|
|
|
"spki",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "pkg-config"
|
2024-10-07 20:20:37 +03:00
|
|
|
version = "0.3.31"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-10-07 20:20:37 +03:00
|
|
|
checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "plain"
|
|
|
|
version = "0.2.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
|
|
|
|
|
2023-10-23 06:00:15 +03:00
|
|
|
[[package]]
|
2024-01-31 09:54:33 +03:00
|
|
|
name = "ppv-lite86"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.20"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
|
|
|
|
dependencies = [
|
|
|
|
"zerocopy",
|
|
|
|
]
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
2024-01-31 09:54:33 +03:00
|
|
|
name = "proc-macro2"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "1.0.92"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2024-01-31 09:54:33 +03:00
|
|
|
"unicode-ident",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "quote"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.0.37"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "radium"
|
|
|
|
version = "0.7.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rand"
|
|
|
|
version = "0.8.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
|
|
|
|
dependencies = [
|
|
|
|
"libc",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_chacha",
|
|
|
|
"rand_core",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rand_chacha"
|
|
|
|
version = "0.3.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
|
|
|
|
dependencies = [
|
|
|
|
"ppv-lite86",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_core",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rand_core"
|
|
|
|
version = "0.6.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
|
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"getrandom",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
2023-11-10 05:25:28 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rand_distr"
|
|
|
|
version = "0.4.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "32cb0b9bc82b0a0876c2dd994a7e7a2683d3e7390ca40e6886785ef0c7e3ee31"
|
|
|
|
dependencies = [
|
|
|
|
"num-traits",
|
|
|
|
"rand",
|
|
|
|
]
|
|
|
|
|
2024-11-14 13:22:38 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rayon"
|
|
|
|
version = "1.10.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa"
|
|
|
|
dependencies = [
|
|
|
|
"either",
|
|
|
|
"rayon-core",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rayon-core"
|
|
|
|
version = "1.12.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2"
|
|
|
|
dependencies = [
|
|
|
|
"crossbeam-deque",
|
|
|
|
"crossbeam-utils",
|
|
|
|
]
|
|
|
|
|
2023-10-23 06:00:15 +03:00
|
|
|
[[package]]
|
|
|
|
name = "redox_syscall"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.5.8"
|
2024-05-16 12:15:58 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
|
2024-05-16 12:15:58 +03:00
|
|
|
dependencies = [
|
2024-12-13 09:13:05 +03:00
|
|
|
"bitflags",
|
2024-05-16 12:15:58 +03:00
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "regex"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "1.11.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"aho-corasick",
|
2023-08-29 13:07:05 +03:00
|
|
|
"memchr",
|
2024-11-28 06:26:09 +03:00
|
|
|
"regex-automata 0.4.9",
|
2024-11-09 06:39:11 +03:00
|
|
|
"regex-syntax 0.8.5",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-automata"
|
|
|
|
version = "0.1.10"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
|
|
|
|
dependencies = [
|
|
|
|
"regex-syntax 0.6.29",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-automata"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.4.9"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
2023-09-04 10:31:00 +03:00
|
|
|
"aho-corasick",
|
2023-08-29 13:07:05 +03:00
|
|
|
"memchr",
|
2024-11-09 06:39:11 +03:00
|
|
|
"regex-syntax 0.8.5",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-syntax"
|
|
|
|
version = "0.6.29"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "regex-syntax"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.8.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ring"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.17.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cc",
|
2024-04-19 23:14:13 +03:00
|
|
|
"cfg-if",
|
|
|
|
"getrandom",
|
2023-08-29 13:07:05 +03:00
|
|
|
"libc",
|
2024-06-24 11:06:20 +03:00
|
|
|
"spin",
|
2023-08-29 13:07:05 +03:00
|
|
|
"untrusted",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rsa"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.9.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"const-oid",
|
|
|
|
"digest",
|
|
|
|
"num-bigint-dig",
|
|
|
|
"num-integer",
|
|
|
|
"num-traits",
|
|
|
|
"pkcs1",
|
2023-06-07 09:52:19 +03:00
|
|
|
"pkcs8",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_core",
|
2023-08-29 13:07:05 +03:00
|
|
|
"signature",
|
2023-06-07 09:52:19 +03:00
|
|
|
"spki",
|
2023-08-29 13:07:05 +03:00
|
|
|
"subtle",
|
2023-06-07 09:52:19 +03:00
|
|
|
"zeroize",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "rustc-demangle"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.1.24"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustc-hash"
|
|
|
|
version = "1.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "rustix"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.38.42"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2024-12-13 09:13:05 +03:00
|
|
|
"bitflags",
|
2023-08-29 13:07:05 +03:00
|
|
|
"errno",
|
|
|
|
"libc",
|
|
|
|
"linux-raw-sys",
|
2024-12-13 16:04:06 +03:00
|
|
|
"windows-sys 0.59.0",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "rustls"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.23.20"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"ring",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"rustls-pki-types",
|
2023-08-29 13:07:05 +03:00
|
|
|
"rustls-webpki",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"subtle",
|
|
|
|
"zeroize",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustls-pemfile"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "2.2.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"rustls-pki-types",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustls-pki-types"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "1.10.0"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "rustls-webpki"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.102.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"ring",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"rustls-pki-types",
|
2023-08-29 13:07:05 +03:00
|
|
|
"untrusted",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "rustversion"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "1.0.18"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "0e819f2bc632f285be6d7cd36e25940d45b2391dd6d9b939e79de557f7014248"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "ryu"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.0.18"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "same-file"
|
|
|
|
version = "1.0.6"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
|
|
|
|
dependencies = [
|
|
|
|
"winapi-util",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
2023-08-29 13:07:05 +03:00
|
|
|
name = "scoped-tls"
|
|
|
|
version = "1.0.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "scopeguard"
|
|
|
|
version = "1.2.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "scroll"
|
|
|
|
version = "0.12.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6"
|
|
|
|
dependencies = [
|
|
|
|
"scroll_derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "scroll_derive"
|
|
|
|
version = "0.12.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "semver"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "1.0.24"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
|
2024-12-10 06:43:34 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "serde"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "1.0.216"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde_derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "serde_derive"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "1.0.216"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "serde_json"
|
2024-11-27 12:26:50 +03:00
|
|
|
version = "1.0.133"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-27 12:26:50 +03:00
|
|
|
checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"itoa",
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
"memchr",
|
2023-08-29 13:07:05 +03:00
|
|
|
"ryu",
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "serde_urlencoded"
|
|
|
|
version = "0.7.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
|
|
|
|
dependencies = [
|
|
|
|
"form_urlencoded",
|
|
|
|
"itoa",
|
|
|
|
"ryu",
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "sha1"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.10.6"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"cpufeatures",
|
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sha2"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.10.8"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"cpufeatures",
|
|
|
|
"digest",
|
|
|
|
]
|
|
|
|
|
2023-10-18 11:06:07 +03:00
|
|
|
[[package]]
|
|
|
|
name = "sha3"
|
|
|
|
version = "0.10.8"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
|
|
|
|
dependencies = [
|
|
|
|
"digest",
|
|
|
|
"keccak",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "sharded-slab"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "0.1.7"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"lazy_static",
|
|
|
|
]
|
|
|
|
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
[[package]]
|
|
|
|
name = "shlex"
|
|
|
|
version = "1.3.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "signal-hook-registry"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "1.4.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"libc",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "signature"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.2.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"digest",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand_core",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "siphasher"
|
|
|
|
version = "0.3.11"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "slab"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.4.9"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"autocfg",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "smallvec"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.13.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
2023-06-07 09:52:19 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "smawk"
|
|
|
|
version = "0.3.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b7c388c1b5e93756d0c740965c41e8822f866621d41acbdf6336a6a168f8840c"
|
|
|
|
|
2024-01-31 09:54:33 +03:00
|
|
|
[[package]]
|
|
|
|
name = "smol_str"
|
2024-05-16 12:15:58 +03:00
|
|
|
version = "0.2.2"
|
2024-01-31 09:54:33 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-16 12:15:58 +03:00
|
|
|
checksum = "dd538fb6910ac1099850255cf94a94df6551fbdd602454387d0adb2d1ca6dead"
|
2024-01-31 09:54:33 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "socket2"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "0.5.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"libc",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "spin"
|
|
|
|
version = "0.9.8"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
|
|
|
|
dependencies = [
|
|
|
|
"lock_api",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "spki"
|
2024-01-02 15:32:47 +03:00
|
|
|
version = "0.7.3"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-01-02 15:32:47 +03:00
|
|
|
checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"base64ct",
|
|
|
|
"der",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlformat"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.2.6"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "7bba3a93db0cc4f7bdece8bb09e77e2e785c20bfebf79eb8340ed80708048790"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"nom",
|
|
|
|
"unicode_categories",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "93334716a037193fac19df402f8571269c84a00852f6a7066b5d2616dcd64d3e"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"sqlx-core",
|
|
|
|
"sqlx-macros",
|
|
|
|
"sqlx-mysql",
|
|
|
|
"sqlx-postgres",
|
|
|
|
"sqlx-sqlite",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-core"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "d4d8060b456358185f7d50c55d9b5066ad956956fddec42ee2e8567134a8936e"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
|
|
|
"byteorder",
|
|
|
|
"bytes",
|
|
|
|
"chrono",
|
|
|
|
"crc",
|
|
|
|
"crossbeam-queue",
|
|
|
|
"either",
|
|
|
|
"event-listener",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-intrusive",
|
|
|
|
"futures-io",
|
|
|
|
"futures-util",
|
2024-11-09 06:39:11 +03:00
|
|
|
"hashbrown 0.14.5",
|
2023-06-07 09:52:19 +03:00
|
|
|
"hashlink",
|
|
|
|
"hex",
|
2023-09-04 10:31:00 +03:00
|
|
|
"indexmap",
|
2023-06-07 09:52:19 +03:00
|
|
|
"log",
|
|
|
|
"memchr",
|
|
|
|
"once_cell",
|
|
|
|
"paste",
|
|
|
|
"percent-encoding",
|
|
|
|
"rustls",
|
|
|
|
"rustls-pemfile",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"sha2",
|
|
|
|
"smallvec",
|
|
|
|
"sqlformat",
|
|
|
|
"thiserror",
|
|
|
|
"tokio",
|
|
|
|
"tokio-stream",
|
|
|
|
"tracing",
|
|
|
|
"url",
|
|
|
|
"webpki-roots",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-macros"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "cac0692bcc9de3b073e8d747391827297e075c7710ff6276d9f7a1f3d58c6657"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"sqlx-core",
|
|
|
|
"sqlx-macros-core",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-macros-core"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "1804e8a7c7865599c9c79be146dc8a9fd8cc86935fa641d3ea58e5f0688abaa5"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"dotenvy",
|
|
|
|
"either",
|
|
|
|
"heck",
|
|
|
|
"hex",
|
|
|
|
"once_cell",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"sha2",
|
|
|
|
"sqlx-core",
|
|
|
|
"sqlx-mysql",
|
|
|
|
"sqlx-postgres",
|
|
|
|
"sqlx-sqlite",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
"tempfile",
|
|
|
|
"tokio",
|
|
|
|
"url",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-mysql"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "64bb4714269afa44aef2755150a0fc19d756fb580a67db8885608cf02f47d06a"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.22.1",
|
2024-12-13 09:13:05 +03:00
|
|
|
"bitflags",
|
2023-06-07 09:52:19 +03:00
|
|
|
"byteorder",
|
|
|
|
"bytes",
|
|
|
|
"chrono",
|
|
|
|
"crc",
|
|
|
|
"digest",
|
|
|
|
"dotenvy",
|
|
|
|
"either",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-io",
|
|
|
|
"futures-util",
|
|
|
|
"generic-array",
|
|
|
|
"hex",
|
|
|
|
"hkdf",
|
|
|
|
"hmac",
|
|
|
|
"itoa",
|
|
|
|
"log",
|
|
|
|
"md-5",
|
|
|
|
"memchr",
|
|
|
|
"once_cell",
|
|
|
|
"percent-encoding",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-06-07 09:52:19 +03:00
|
|
|
"rsa",
|
|
|
|
"serde",
|
|
|
|
"sha1",
|
|
|
|
"sha2",
|
|
|
|
"smallvec",
|
|
|
|
"sqlx-core",
|
|
|
|
"stringprep",
|
|
|
|
"thiserror",
|
|
|
|
"tracing",
|
|
|
|
"whoami",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-postgres"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "6fa91a732d854c5d7726349bb4bb879bb9478993ceb764247660aee25f67c2f8"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.22.1",
|
2024-12-13 09:13:05 +03:00
|
|
|
"bitflags",
|
2023-06-07 09:52:19 +03:00
|
|
|
"byteorder",
|
|
|
|
"chrono",
|
|
|
|
"crc",
|
|
|
|
"dotenvy",
|
|
|
|
"etcetera",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-io",
|
|
|
|
"futures-util",
|
|
|
|
"hex",
|
|
|
|
"hkdf",
|
|
|
|
"hmac",
|
|
|
|
"home",
|
|
|
|
"itoa",
|
|
|
|
"log",
|
|
|
|
"md-5",
|
|
|
|
"memchr",
|
|
|
|
"once_cell",
|
2023-09-04 10:31:00 +03:00
|
|
|
"rand",
|
2023-06-07 09:52:19 +03:00
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"sha2",
|
|
|
|
"smallvec",
|
|
|
|
"sqlx-core",
|
|
|
|
"stringprep",
|
|
|
|
"thiserror",
|
|
|
|
"tracing",
|
|
|
|
"whoami",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "sqlx-sqlite"
|
2024-09-13 10:11:05 +03:00
|
|
|
version = "0.8.2"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-13 10:11:05 +03:00
|
|
|
checksum = "d5b2cf34a45953bfd3daaf3db0f7a7878ab9b7a6b91b422d24a7a9e4c857b680"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"atoi",
|
|
|
|
"chrono",
|
|
|
|
"flume",
|
|
|
|
"futures-channel",
|
|
|
|
"futures-core",
|
|
|
|
"futures-executor",
|
|
|
|
"futures-intrusive",
|
|
|
|
"futures-util",
|
|
|
|
"libsqlite3-sys",
|
|
|
|
"log",
|
|
|
|
"percent-encoding",
|
|
|
|
"serde",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"serde_urlencoded",
|
2023-08-29 13:07:05 +03:00
|
|
|
"sqlx-core",
|
|
|
|
"tracing",
|
|
|
|
"url",
|
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "stable_deref_trait"
|
|
|
|
version = "1.2.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "static_assertions"
|
|
|
|
version = "1.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "stringprep"
|
2024-05-28 08:38:11 +03:00
|
|
|
version = "0.1.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-28 08:38:11 +03:00
|
|
|
checksum = "7b4df3d392d81bd458a8a621b8bffbd2302a12ffe288a9d931670948749463b1"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"unicode-bidi",
|
|
|
|
"unicode-normalization",
|
2024-05-28 08:38:11 +03:00
|
|
|
"unicode-properties",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "strsim"
|
|
|
|
version = "0.11.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "subtle"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "2.6.1"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "syn"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "2.0.90"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "919d3b74a5dd0ccd15aeb8f93e7006bd9e14c295087c9896a110f490752bcf31"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"unicode-ident",
|
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "synstructure"
|
|
|
|
version = "0.13.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "tap"
|
|
|
|
version = "1.0.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tempfile"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "3.14.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "28cce251fcbc87fac86a866eeb0d6c2d536fc16d06f184bb61aeae11aa4cee0c"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"cfg-if",
|
2023-09-04 10:31:00 +03:00
|
|
|
"fastrand",
|
2024-09-03 10:42:54 +03:00
|
|
|
"once_cell",
|
2023-06-07 09:52:19 +03:00
|
|
|
"rustix",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-sys 0.59.0",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "textwrap"
|
|
|
|
version = "0.16.1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9"
|
|
|
|
dependencies = [
|
|
|
|
"smawk",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "thiserror"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "1.0.69"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"thiserror-impl",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "thiserror-impl"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "1.0.69"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-08-29 13:07:05 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "thread_local"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "1.1.8"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"cfg-if",
|
|
|
|
"once_cell",
|
|
|
|
]
|
|
|
|
|
2024-05-16 10:55:10 +03:00
|
|
|
[[package]]
|
|
|
|
name = "tiktoken-rs"
|
2024-10-29 10:31:23 +03:00
|
|
|
version = "0.6.0"
|
2024-05-16 10:55:10 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-10-29 10:31:23 +03:00
|
|
|
checksum = "44075987ee2486402f0808505dd65692163d243a337fc54363d49afac41087f6"
|
2024-05-16 10:55:10 +03:00
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"base64 0.21.7",
|
2024-05-16 10:55:10 +03:00
|
|
|
"bstr",
|
|
|
|
"fancy-regex",
|
|
|
|
"lazy_static",
|
|
|
|
"parking_lot",
|
2024-10-29 10:31:23 +03:00
|
|
|
"regex",
|
2024-05-16 10:55:10 +03:00
|
|
|
"rustc-hash",
|
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "tinystr"
|
|
|
|
version = "0.7.6"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f"
|
|
|
|
dependencies = [
|
|
|
|
"displaydoc",
|
|
|
|
"zerovec",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tinyvec"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.8.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
|
|
|
"tinyvec_macros",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tinyvec_macros"
|
|
|
|
version = "0.1.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-06-07 09:52:19 +03:00
|
|
|
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tokio"
|
2024-12-12 18:45:43 +03:00
|
|
|
version = "1.42.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-12 18:45:43 +03:00
|
|
|
checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-08-29 13:07:05 +03:00
|
|
|
"backtrace",
|
2023-06-07 09:52:19 +03:00
|
|
|
"bytes",
|
|
|
|
"libc",
|
2024-10-26 15:02:16 +03:00
|
|
|
"mio",
|
2023-06-07 09:52:19 +03:00
|
|
|
"parking_lot",
|
|
|
|
"pin-project-lite",
|
|
|
|
"signal-hook-registry",
|
2023-09-04 10:31:00 +03:00
|
|
|
"socket2",
|
2023-06-07 09:52:19 +03:00
|
|
|
"tokio-macros",
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
"windows-sys 0.52.0",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tokio-macros"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
version = "2.4.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
chore: bump up all non-major dependencies (#7925)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.633.0` -> `3.635.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@aws-sdk%2fclient-s3/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@aws-sdk%2fclient-s3/3.633.0/3.635.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@chromatic-com/storybook](https://togithub.com/chromaui/addon-visual-tests) | [`1.6.1` -> `1.7.0`](https://renovatebot.com/diffs/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@chromatic-com%2fstorybook/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@chromatic-com%2fstorybook/1.6.1/1.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@emotion/react](https://togithub.com/emotion-js/emotion/tree/main#readme) ([source](https://togithub.com/emotion-js/emotion)) | [`11.13.0` -> `11.13.3`](https://renovatebot.com/diffs/npm/@emotion%2freact/11.13.0/11.13.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@emotion%2freact/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@emotion%2freact/11.13.0/11.13.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [@fal-ai/serverless-client](https://togithub.com/fal-ai/fal-js) ([source](https://togithub.com/fal-ai/fal-js/tree/HEAD/libs/client)) | [`^0.13.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@fal-ai%2fserverless-client/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fal-ai%2fserverless-client/0.13.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [@napi-rs/cli](https://togithub.com/napi-rs/napi-rs) | [`3.0.0-alpha.60` -> `3.0.0-alpha.62`](https://renovatebot.com/diffs/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@napi-rs%2fcli/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@napi-rs%2fcli/3.0.0-alpha.60/3.0.0-alpha.62?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@playwright%2ftest/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@playwright%2ftest/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [@types/react](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.3` -> `18.3.4`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.3/18.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2freact/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2freact/18.3.3/18.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/css](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/css)) | [`1.15.4` -> `1.15.5`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fcss/1.15.4/1.15.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fcss/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fcss/1.15.4/1.15.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/vite-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/vite-plugin)) | [`4.0.14` -> `4.0.15`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fvite-plugin/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fvite-plugin/4.0.14/4.0.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [@vanilla-extract/webpack-plugin](https://togithub.com/vanilla-extract-css/vanilla-extract) ([source](https://togithub.com/vanilla-extract-css/vanilla-extract/tree/HEAD/packages/webpack-plugin)) | [`2.3.12` -> `2.3.13`](https://renovatebot.com/diffs/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@vanilla-extract%2fwebpack-plugin/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vanilla-extract%2fwebpack-plugin/2.3.12/2.3.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [core-js](https://togithub.com/zloirock/core-js) ([source](https://togithub.com/zloirock/core-js/tree/HEAD/packages/core-js)) | [`3.38.0` -> `3.38.1`](https://renovatebot.com/diffs/npm/core-js/3.38.0/3.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/core-js/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/core-js/3.38.0/3.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [dayjs](https://day.js.org) ([source](https://togithub.com/iamkun/dayjs)) | [`1.11.12` -> `1.11.13`](https://renovatebot.com/diffs/npm/dayjs/1.11.12/1.11.13) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dayjs/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dayjs/1.11.12/1.11.13?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [electron](https://togithub.com/electron/electron) | [`32.0.0` -> `32.0.1`](https://renovatebot.com/diffs/npm/electron/32.0.0/32.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/electron/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/32.0.0/32.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [embla-carousel-react](https://www.embla-carousel.com) ([source](https://togithub.com/davidjerleke/embla-carousel)) | [`8.1.8` -> `8.2.0`](https://renovatebot.com/diffs/npm/embla-carousel-react/8.1.8/8.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/embla-carousel-react/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/embla-carousel-react/8.1.8/8.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [husky](https://togithub.com/typicode/husky) | [`9.1.4` -> `9.1.5`](https://renovatebot.com/diffs/npm/husky/9.1.4/9.1.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/husky/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/husky/9.1.4/9.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [jotai-scope](https://togithub.com/jotaijs/jotai-scope) | [`0.7.1` -> `0.7.2`](https://renovatebot.com/diffs/npm/jotai-scope/0.7.1/0.7.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jotai-scope/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jotai-scope/0.7.1/0.7.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch |
| [lucide-react](https://lucide.dev) ([source](https://togithub.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`^0.408.0` -> `^0.429.0`](https://renovatebot.com/diffs/npm/lucide-react/0.408.0/0.429.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lucide-react/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/0.408.0/0.429.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [napi](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.7` -> `3.0.0-alpha.8` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi/3.0.0-alpha.7/3.0.0-alpha.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [napi-derive](https://togithub.com/napi-rs/napi-rs) | `3.0.0-alpha.6` -> `3.0.0-alpha.7` | [![age](https://developer.mend.io/api/mc/badges/age/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/napi-derive/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/napi-derive/3.0.0-alpha.6/3.0.0-alpha.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [nestjs-throttler-storage-redis](https://togithub.com/kkoomen/nestjs-throttler-storage-redis) | [`^0.4.1` -> `^0.5.0`](https://renovatebot.com/diffs/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/nestjs-throttler-storage-redis/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nestjs-throttler-storage-redis/0.4.4/0.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor |
| [node](https://nodejs.org) ([source](https://togithub.com/nodejs/node)) | `20.15.1` -> `20.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/node-version/node/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/node-version/node/v20.15.1/v20.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | minor |
| openresty/openresty | `1.25.3.1-0-buster` -> `1.25.3.2-0-buster` | [![age](https://developer.mend.io/api/mc/badges/age/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/docker/openresty%2fopenresty/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/openresty%2fopenresty/1.25.3.1/1.25.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | final | patch |
| [playwright](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | [`=1.44.1` -> `=1.46.1`](https://renovatebot.com/diffs/npm/playwright/1.44.1/1.46.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/playwright/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/playwright/1.44.1/1.46.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [react-refresh](https://reactjs.org/) ([source](https://togithub.com/facebook/react/tree/HEAD/packages/react)) | [`^0.10.0` -> `^0.14.0`](https://renovatebot.com/diffs/npm/react-refresh/0.10.0/0.14.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/react-refresh/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-refresh/0.10.0/0.14.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor |
| [serde](https://serde.rs) ([source](https://togithub.com/serde-rs/serde)) | `1.0.204` -> `1.0.208` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde/1.0.204/1.0.208?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [serde_json](https://togithub.com/serde-rs/json) | `1.0.120` -> `1.0.125` | [![age](https://developer.mend.io/api/mc/badges/age/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/serde_json/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/serde_json/1.0.120/1.0.125?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | patch |
| [storybook-dark-mode](https://togithub.com/hipstersmoothie/storybook-dark-mode) | [`4.0.1` -> `4.0.2`](https://renovatebot.com/diffs/npm/storybook-dark-mode/4.0.1/4.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/storybook-dark-mode/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/storybook-dark-mode/4.0.1/4.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dev-dependencies | minor |
| [tokio](https://tokio.rs) ([source](https://togithub.com/tokio-rs/tokio)) | `1.38.0` -> `1.39.3` | [![age](https://developer.mend.io/api/mc/badges/age/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/crate/tokio/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/crate/tokio/1.38.0/1.39.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | workspace.dependencies | minor |
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.1` -> `5.4.2`](https://renovatebot.com/diffs/npm/vite/5.4.1/5.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.1/5.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [vite-plugin-dts](https://togithub.com/qmhc/vite-plugin-dts) | [`4.0.2` -> `4.0.3`](https://renovatebot.com/diffs/npm/vite-plugin-dts/4.0.2/4.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite-plugin-dts/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-dts/4.0.2/4.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
| [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.72.0` -> `3.72.1`](https://renovatebot.com/diffs/npm/wrangler/3.72.0/3.72.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.72.0/3.72.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch |
---
### Release Notes
<details>
<summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary>
### [`v3.635.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#36350-2024-08-20)
[Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.633.0...v3.635.0)
##### Features
- **client-s3:** Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. ([b474584](https://togithub.com/aws/aws-sdk-js-v3/commit/b474584f2cfb0438fb1007d0594a54cf1a1c2dcb))
- **codegen:** add Smithy RPCv2 CBOR to list of protocols ([#​6096](https://togithub.com/aws/aws-sdk-js-v3/issues/6096)) ([5154d4f](https://togithub.com/aws/aws-sdk-js-v3/commit/5154d4f19bc77a7bad075b35ce135d3b5f60ad1d))
</details>
<details>
<summary>chromaui/addon-visual-tests (@​chromatic-com/storybook)</summary>
### [`v1.7.0`](https://togithub.com/chromaui/addon-visual-tests/blob/HEAD/CHANGELOG.md#v170-Tue-Aug-20-2024)
[Compare Source](https://togithub.com/chromaui/addon-visual-tests/compare/v1.6.1...v1.7.0)
##### 🚀 Enhancement
- Update story status reporting for Storybook 8.3 and use new `SET_FILTER` event [#​332](https://togithub.com/chromaui/addon-visual-tests/pull/332) ([@​ghengeveld](https://togithub.com/ghengeveld))
##### Authors: 1
- Gert Hengeveld ([@​ghengeveld](https://togithub.com/ghengeveld))
***
</details>
<details>
<summary>emotion-js/emotion (@​emotion/react)</summary>
### [`v11.13.3`](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...3f468846855ed1c6092922a6317a6f5df0ba8dcc)
[Compare Source](https://togithub.com/emotion-js/emotion/compare/@emotion/react@11.13.0...@emotion/react@11.13.3)
</details>
<details>
<summary>fal-ai/fal-js (@​fal-ai/serverless-client)</summary>
### [`v0.14.2`](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/c3a3c3d21a664d5920d374ad5437957e68fa3fd5...b3ab5f0e15d70d83c439f6a77bb3a5cfa7fa3271)
### [`v0.14.1`](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/6edbf2948df1010110726071d33a91005f95920b...c3a3c3d21a664d5920d374ad5437957e68fa3fd5)
### [`v0.14.0`](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
[Compare Source](https://togithub.com/fal-ai/fal-js/compare/cf300e9cc0d65ab999a506f07e3806e239d4d3d9...6edbf2948df1010110726071d33a91005f95920b)
</details>
<details>
<summary>napi-rs/napi-rs (@​napi-rs/cli)</summary>
### [`v3.0.0-alpha.62`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.61...@napi-rs/cli@3.0.0-alpha.62)
### [`v3.0.0-alpha.61`](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
[Compare Source](https://togithub.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.0.0-alpha.60...@napi-rs/cli@3.0.0-alpha.61)
</details>
<details>
<summary>microsoft/playwright (@​playwright/test)</summary>
### [`v1.46.1`](https://togithub.com/microsoft/playwright/compare/v1.46.0...e1c861cfa7a6caf3c5b798786b1e6298c4f3cf31)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)
### [`v1.46.0`](https://togithub.com/microsoft/playwright/compare/v1.45.3...99a36310570617222290c09b96a2026beb8b00f9)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.3...v1.46.0)
### [`v1.45.3`](https://togithub.com/microsoft/playwright/compare/v1.45.2...0e130fa8edaf85765c4a5a86bded0e6d33bfd7c2)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.2...v1.45.3)
### [`v1.45.2`](https://togithub.com/microsoft/playwright/compare/v1.45.1...d8a5f3b33193e413b404ff4aa1f71e859d8f1b6b)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.1...v1.45.2)
### [`v1.45.1`](https://togithub.com/microsoft/playwright/compare/v1.45.0...e8989f83d9801cdaadc3803b5341c601c9593947)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.45.0...v1.45.1)
### [`v1.45.0`](https://togithub.com/microsoft/playwright/compare/v1.44.1...4f3f6eecae490af444dd9298c9eaeb0c596915b7)
[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.44.1...v1.45.0)
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/css)</summary>
### [`v1.15.5`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/css/CHANGELOG.md#1155)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/css@1.15.4...@vanilla-extract/css@1.15.5)
##### Patch Changes
- [#​1466](https://togithub.com/vanilla-extract-css/vanilla-extract/pull/1466) [`6432199fa0717f424fb3f45fbe36410b03b01c1c`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/6432199fa0717f424fb3f45fbe36410b03b01c1c) Thanks [@​askoufis](https://togithub.com/askoufis)! - Speed up dev prefix generation for long file paths
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/vite-plugin)</summary>
### [`v4.0.15`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/vite-plugin/CHANGELOG.md#4015)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/vite-plugin@4.0.14...@vanilla-extract/vite-plugin@4.0.15)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>vanilla-extract-css/vanilla-extract (@​vanilla-extract/webpack-plugin)</summary>
### [`v2.3.13`](https://togithub.com/vanilla-extract-css/vanilla-extract/blob/HEAD/packages/webpack-plugin/CHANGELOG.md#2313)
[Compare Source](https://togithub.com/vanilla-extract-css/vanilla-extract/compare/@vanilla-extract/webpack-plugin@2.3.12...@vanilla-extract/webpack-plugin@2.3.13)
##### Patch Changes
- Updated dependencies \[[`96dd466127374b21ad7e48e5dd168a03a96af047`](https://togithub.com/vanilla-extract-css/vanilla-extract/commit/96dd466127374b21ad7e48e5dd168a03a96af047)]:
- [@​vanilla-extract/integration](https://togithub.com/vanilla-extract/integration)[@​7](https://togithub.com/7).1.9
</details>
<details>
<summary>zloirock/core-js (core-js)</summary>
### [`v3.38.1`](https://togithub.com/zloirock/core-js/blob/HEAD/CHANGELOG.md#3381---20240820)
[Compare Source](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Changes [v3.38.0...v3.38.1](https://togithub.com/zloirock/core-js/compare/v3.38.0...v3.38.1)
- Fixed some cases of `URLSearchParams` percent decoding, [#​1357](https://togithub.com/zloirock/core-js/issues/1357), [#​1361](https://togithub.com/zloirock/core-js/pull/1361), thanks [**@​slowcheetah**](https://togithub.com/slowcheetah)
- Some stylistic changes and minor optimizations
- Compat data improvements:
- [`Iterator` helpers proposal](https://togithub.com/tc39/proposal-iterator-helpers) methods marked as [shipped from FF131](https://bugzilla.mozilla.org/show_bug.cgi?id=1896390)
- [`Math.f16round` and `DataView.prototype.{ getFloat16, setFloat16 }`](https://togithub.com/tc39/proposal-float16array) marked as shipped from Bun 1.1.23
- [`RegExp.escape`](https://togithub.com/tc39/proposal-regex-escaping) marked as shipped from Bun 1.1.22
- [`Promise.try`](https://togithub.com/tc39/proposal-promise-try) marked as shipped from Bun 1.1.22
- [`Uint8Array` to / from base64 and hex proposal](https://togithub.com/tc39/proposal-arraybuffer-base64) methods marked as shipped from Bun 1.1.22
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
### [`v1.11.13`](https://togithub.com/iamkun/dayjs/compare/v1.11.12...93c8fd0f807b8a8252f4cd65083bb1d6a49b90e7)
[Compare Source](https://togithub.com/iamkun/dayjs/compare/v1.11.12...v1.11.13)
</details>
<details>
<summary>electron/electron (electron)</summary>
### [`v32.0.1`](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
[Compare Source](https://togithub.com/electron/electron/compare/v32.0.0...v32.0.1)
</details>
<details>
<summary>davidjerleke/embla-carousel (embla-carousel-react)</summary>
### [`v8.2.0`](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...6baf1555c6f68e88a7f785213ecf363f447a8b2f)
[Compare Source](https://togithub.com/davidjerleke/embla-carousel/compare/v8.1.8...v8.2.0)
</details>
<details>
<summary>typicode/husky (husky)</summary>
### [`v9.1.5`](https://togithub.com/typicode/husky/compare/v9.1.4...2fee8d212c601942ad146ea9209f15c20a07fb6d)
[Compare Source](https://togithub.com/typicode/husky/compare/v9.1.4...v9.1.5)
</details>
<details>
<summary>jotaijs/jotai-scope (jotai-scope)</summary>
### [`v0.7.2`](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
[Compare Source](https://togithub.com/jotaijs/jotai-scope/compare/v0.7.1...v0.7.2)
</details>
<details>
<summary>lucide-icons/lucide (lucide-react)</summary>
### [`v0.429.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.429.0): New icons 0.429.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.428.0...0.429.0)
#### Modified Icons 🔨
- `message-square-dashed` ([#​2374](https://togithub.com/lucide-icons/lucide/issues/2374)) by [@​jguddas](https://togithub.com/jguddas)
- `stethoscope` ([#​2379](https://togithub.com/lucide-icons/lucide/issues/2379)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.428.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.428.0): New icons 0.428.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.427.0...0.428.0)
#### New icons 🎨
- `tickets-plane` ([#​2196](https://togithub.com/lucide-icons/lucide/issues/2196)) by [@​jguddas](https://togithub.com/jguddas)
#### Modified Icons 🔨
- `folder-search` ([#​2354](https://togithub.com/lucide-icons/lucide/issues/2354)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.427.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.427.0): New icons 0.427.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.426.0...0.427.0)
#### New icons 🎨
- `binoculars` ([#​2207](https://togithub.com/lucide-icons/lucide/issues/2207)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `tickets` ([#​2335](https://togithub.com/lucide-icons/lucide/issues/2335)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.426.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.426.0): New icons 0.426.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.425.0...0.426.0)
#### New icons 🎨
- `chevrons-left-right-ellipsis` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
- `ethernet-port` ([#​2120](https://togithub.com/lucide-icons/lucide/issues/2120)) by [@​ericfennis](https://togithub.com/ericfennis)
#### Modified Icons 🔨
- `cigarette-off` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
- `cigarette` ([#​2282](https://togithub.com/lucide-icons/lucide/issues/2282)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.425.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.425.0): New icons 0.425.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.424.0...0.425.0)
#### New icons 🎨
- `bandage` ([#​2341](https://togithub.com/lucide-icons/lucide/issues/2341)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `table-of-contents` ([#​2348](https://togithub.com/lucide-icons/lucide/issues/2348)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `mouse-pointer-2` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-ban` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer-click` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-dashed-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `square-mouse-pointer` ([#​2350](https://togithub.com/lucide-icons/lucide/issues/2350)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.424.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.424.0): New icons 0.424.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.423.0...0.424.0)
#### New icons 🎨
- `map-pin-house` ([#​2337](https://togithub.com/lucide-icons/lucide/issues/2337)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `replace-all` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
- `replace` ([#​2333](https://togithub.com/lucide-icons/lucide/issues/2333)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.423.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.423.0): New icons 0.423.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.422.0...0.423.0)
#### New icons 🎨
- `amphora` ([#​1926](https://togithub.com/lucide-icons/lucide/issues/1926)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.422.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.422.0): New icons 0.422.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.421.0...0.422.0)
#### Modified Icons 🔨
- `skull` ([#​2197](https://togithub.com/lucide-icons/lucide/issues/2197)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.421.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.421.0): New icons 0.421.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.420.0...0.421.0)
#### New icons 🎨
- `microchip` ([#​1982](https://togithub.com/lucide-icons/lucide/issues/1982)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `circle-check-big` ([#​2330](https://togithub.com/lucide-icons/lucide/issues/2330)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-download` ([#​2355](https://togithub.com/lucide-icons/lucide/issues/2355)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `pentagon` ([#​1918](https://togithub.com/lucide-icons/lucide/issues/1918)) by [@​jguddas](https://togithub.com/jguddas)
- `square-check-big` ([#​2331](https://togithub.com/lucide-icons/lucide/issues/2331)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.420.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.420.0): New icons 0.420.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.419.0...0.420.0)
#### New icons 🎨
- `omega` ([#​2347](https://togithub.com/lucide-icons/lucide/issues/2347)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `calendar-search` ([#​2351](https://togithub.com/lucide-icons/lucide/issues/2351)) by [@​jguddas](https://togithub.com/jguddas)
- `cloud-upload` ([#​2352](https://togithub.com/lucide-icons/lucide/issues/2352)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.419.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.419.0): New icons 0.419.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.418.0...0.419.0)
#### New icons 🎨
- `circle-fading-arrow-up` ([#​2287](https://togithub.com/lucide-icons/lucide/issues/2287)) by [@​mosch](https://togithub.com/mosch)
### [`v0.418.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.418.0): New icons 0.418.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.417.0...0.418.0)
#### New icons 🎨
- `id-card` ([#​1296](https://togithub.com/lucide-icons/lucide/issues/1296)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.417.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.417.0): New icons 0.417.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.416.0...0.417.0)
#### Modified Icons 🔨
- `chart-column-increasing` ([#​2334](https://togithub.com/lucide-icons/lucide/issues/2334)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.416.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.416.0): New icons 0.416.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.415.0...0.416.0)
#### New icons 🎨
- `map-pin-check-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-check` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-minus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-plus` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x-inside` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin-x` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
#### Modified Icons 🔨
- `map-pin-off` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pin` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `map-pinned` ([#​2301](https://togithub.com/lucide-icons/lucide/issues/2301)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.415.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.415.0): New icons 0.415.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.414.0...0.415.0)
#### New icons 🎨
- `square-square` ([#​2241](https://togithub.com/lucide-icons/lucide/issues/2241)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.414.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.414.0): New icons 0.414.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.413.0...0.414.0)
#### New icons 🎨
- `chart-area` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-decreasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-bar-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-big` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-increasing` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-column-stacked` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-network` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-no-axes-combined` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `chart-spline` ([#​2219](https://togithub.com/lucide-icons/lucide/issues/2219)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
### [`v0.413.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.413.0): New icons 0.413.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.412.0...0.413.0)
#### New icons 🎨
- `dam` ([#​2233](https://togithub.com/lucide-icons/lucide/issues/2233)) by [@​AndreasSas](https://togithub.com/AndreasSas)
#### Modified Icons 🔨
- `dog` ([#​2249](https://togithub.com/lucide-icons/lucide/issues/2249)) by [@​jguddas](https://togithub.com/jguddas)
- `key-square` ([#​2277](https://togithub.com/lucide-icons/lucide/issues/2277)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.412.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.412.0): New icons 0.412.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.411.0...0.412.0)
#### New icons 🎨
- `letter-text` ([#​2252](https://togithub.com/lucide-icons/lucide/issues/2252)) by [@​GRA0007](https://togithub.com/GRA0007)
### [`v0.411.0`](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.410.0...0.411.0)
### [`v0.410.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.410.0): New icons 0.410.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.409.0...0.410.0)
#### New icons 🎨
- `philippine-peso` ([#​2231](https://togithub.com/lucide-icons/lucide/issues/2231)) by [@​kasutu](https://togithub.com/kasutu)
#### Modified Icons 🔨
- `ribbon` ([#​2271](https://togithub.com/lucide-icons/lucide/issues/2271)) by [@​jguddas](https://togithub.com/jguddas)
### [`v0.409.0`](https://togithub.com/lucide-icons/lucide/releases/tag/0.409.0): New icons 0.409.0
[Compare Source](https://togithub.com/lucide-icons/lucide/compare/0.408.0...0.409.0)
#### Modified Icons 🔨
- `calendar-minus` ([#​2265](https://togithub.com/lucide-icons/lucide/issues/2265)) by [@​jguddas](https://togithub.com/jguddas)
- `eye-off` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `image-plus` ([#​2321](https://togithub.com/lucide-icons/lucide/issues/2321)) by [@​jguddas](https://togithub.com/jguddas)
- `scan-eye` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
- `view` ([#​2317](https://togithub.com/lucide-icons/lucide/issues/2317)) by [@​karsa-mistmere](https://togithub.com/karsa-mistmere)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.16.0`](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
[Compare Source](https://togithub.com/nodejs/node/compare/v20.15.1...v20.16.0)
</details>
<details>
<summary>facebook/react (react-refresh)</summary>
### [`v0.14.2`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0142-November-2-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.1...v0.14.2)
##### React DOM
- Fixed bug with development build preventing events from firing in some versions of Internet Explorer & Edge
- Fixed bug with development build when using es5-sham in older versions of Internet Explorer
- Added support for `integrity` attribute
- Fixed bug resulting in `children` prop being coerced to a string for custom elements, which was not the desired behavior
- Moved `react` from `dependencies` to `peerDependencies` to match expectations and align with `react-addons-*` packages
### [`v0.14.1`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#01410-October-14-2020)
[Compare Source](https://togithub.com/facebook/react/compare/v0.14.0...v0.14.1)
##### React
- Backport support for the [new JSX transform](https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html) to 0.14.x. ([@​lunaruan](https://togithub.com/lunaruan) in [#​18299](https://togithub.com/facebook/react/pull/18299) and [@​gaearon](https://togithub.com/gaearon) in [#​20024](https://togithub.com/facebook/react/pull/20024))
### [`v0.14.0`](https://togithub.com/facebook/react/blob/HEAD/CHANGELOG.md#0140-October-7-2015)
[Compare Source](https://togithub.com/facebook/react/compare/v0.13.0...v0.14.0)
##### Major changes
- Split the main `react` package into two: `react` and `react-dom`. This paves the way to writing components that can be shared between the web version of React and React Native. This means you will need to include both files and some functions have been moved from `React` to `ReactDOM`.
- Addons have been moved to separate packages (`react-addons-clone-with-props`, `react-addons-create-fragment`, `react-addons-css-transition-group`, `react-addons-linked-state-mixin`, `react-addons-perf`, `react-addons-pure-render-mixin`, `react-addons-shallow-compare`, `react-addons-test-utils`, `react-addons-transition-group`, `react-addons-update`, `ReactDOM.unstable_batchedUpdates`).
- Stateless functional components - React components were previously created using React.createClass or using ES6 classes. This release adds a [new syntax](https://reactjs.org/docs/reusable-components.html#stateless-functions) where a user defines a single [stateless render function](https://reactjs.org/docs/reusable-components.html#stateless-functions) (with one parameter: `props`) which returns a JSX element, and this function may be used as a component.
- Refs to DOM components as the DOM node itself. Previously the only useful thing you can do with a DOM component is call `getDOMNode()` to get the underlying DOM node. Starting with this release, a ref to a DOM component *is* the actual DOM node. **Note that refs to custom (user-defined) components work exactly as before; only the built-in DOM components are affected by this change.**
##### Breaking changes
- `React.initializeTouchEvents` is no longer necessary and has been removed completely. Touch events now work automatically.
- Add-Ons: Due to the DOM node refs change mentioned above, `TestUtils.findAllInRenderedTree` and related helpers are no longer able to take a DOM component, only a custom component.
- The `props` object is now frozen, so mutating props after creating a component element is no longer supported. In most cases, [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) should be used instead. This change makes your components easier to reason about and enables the compiler optimizations mentioned above.
- Plain objects are no longer supported as React children; arrays should be used instead. You can use the [`createFragment`](https://reactjs.org/docs/create-fragment.html) helper to migrate, which now returns an array.
- Add-Ons: `classSet` has been removed. Use [classnames](https://togithub.com/JedWatson/classnames) instead.
- Web components (custom elements) now use native property names. Eg: `class` instead of `className`.
##### Deprecations
- `this.getDOMNode()` is now deprecated and `ReactDOM.findDOMNode(this)` can be used instead. Note that in the common case, `findDOMNode` is now unnecessary since a ref to the DOM component is now the actual DOM node.
- `setProps` and `replaceProps` are now deprecated. Instead, call ReactDOM.render again at the top level with the new props.
- ES6 component classes must now extend `React.Component` in order to enable stateless function components. The [ES3 module pattern](https://reactjs.org/blog/2015/01/27/react-v0.13.0-beta-1.html#other-languages) will continue to work.
- Reusing and mutating a `style` object between renders has been deprecated. This mirrors our change to freeze the `props` object.
- Add-Ons: `cloneWithProps` is now deprecated. Use [`React.cloneElement`](https://reactjs.org/docs/react-api.html#cloneelement) instead (unlike `cloneW
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-22 07:12:22 +03:00
|
|
|
checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
2023-06-07 09:52:19 +03:00
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tokio-stream"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.1.17"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"futures-core",
|
|
|
|
"pin-project-lite",
|
|
|
|
"tokio",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "toml"
|
|
|
|
version = "0.5.11"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
|
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tracing"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.1.41"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"log",
|
|
|
|
"pin-project-lite",
|
|
|
|
"tracing-attributes",
|
|
|
|
"tracing-core",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tracing-attributes"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.1.28"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "tracing-core"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.1.33"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"valuable",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "tracing-log"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.2.0"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"log",
|
2024-04-19 23:14:13 +03:00
|
|
|
"once_cell",
|
2023-08-29 13:07:05 +03:00
|
|
|
"tracing-core",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "tracing-subscriber"
|
2024-12-03 19:24:21 +03:00
|
|
|
version = "0.3.19"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-03 19:24:21 +03:00
|
|
|
checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008"
|
2023-08-29 13:07:05 +03:00
|
|
|
dependencies = [
|
|
|
|
"matchers",
|
2024-01-31 09:54:33 +03:00
|
|
|
"nu-ansi-term",
|
2023-08-29 13:07:05 +03:00
|
|
|
"once_cell",
|
|
|
|
"regex",
|
|
|
|
"sharded-slab",
|
|
|
|
"smallvec",
|
|
|
|
"thread_local",
|
|
|
|
"tracing",
|
|
|
|
"tracing-core",
|
|
|
|
"tracing-log",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "typenum"
|
2023-10-11 10:36:45 +03:00
|
|
|
version = "1.17.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-10-11 10:36:45 +03:00
|
|
|
checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "unicase"
|
|
|
|
version = "2.8.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "7e51b68083f157f853b6379db119d1c1be0e6e4dec98101079dec41f6f5cf6df"
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-bidi"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.3.17"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "5ab17db44d7388991a428b2ee655ce0c212e862eff1768a455c58f9aad6e7893"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-ident"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "1.0.14"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-normalization"
|
2024-09-19 11:57:19 +03:00
|
|
|
version = "0.1.24"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-19 11:57:19 +03:00
|
|
|
checksum = "5033c97c4262335cded6d6fc3e5c18ab755e1a3dc96376350f3d8e9f009ad956"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"tinyvec",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2024-05-28 08:38:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "unicode-properties"
|
2024-11-09 06:39:11 +03:00
|
|
|
version = "0.1.3"
|
2024-05-28 08:38:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-09 06:39:11 +03:00
|
|
|
checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0"
|
2024-05-28 08:38:11 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode-segmentation"
|
2024-09-19 11:57:19 +03:00
|
|
|
version = "1.12.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-19 11:57:19 +03:00
|
|
|
checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "unicode_categories"
|
|
|
|
version = "0.1.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-06-07 09:52:19 +03:00
|
|
|
checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "uniffi"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4cb08c58c7ed7033150132febe696bef553f891b1ede57424b40d87a89e3c170"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"camino",
|
|
|
|
"cargo_metadata",
|
|
|
|
"clap",
|
|
|
|
"uniffi_bindgen",
|
|
|
|
"uniffi_build",
|
|
|
|
"uniffi_core",
|
|
|
|
"uniffi_macros",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_bindgen"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "cade167af943e189a55020eda2c314681e223f1e42aca7c4e52614c2b627698f"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"askama",
|
|
|
|
"camino",
|
|
|
|
"cargo_metadata",
|
|
|
|
"fs-err",
|
|
|
|
"glob",
|
|
|
|
"goblin",
|
|
|
|
"heck",
|
|
|
|
"once_cell",
|
|
|
|
"paste",
|
|
|
|
"serde",
|
|
|
|
"textwrap",
|
|
|
|
"toml",
|
|
|
|
"uniffi_meta",
|
|
|
|
"uniffi_udl",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_build"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4c7cf32576e08104b7dc2a6a5d815f37616e66c6866c2a639fe16e6d2286b75b"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"camino",
|
|
|
|
"uniffi_bindgen",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_checksum_derive"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "802d2051a700e3ec894c79f80d2705b69d85844dafbbe5d1a92776f8f48b563a"
|
|
|
|
dependencies = [
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_core"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "bc7687007d2546c454d8ae609b105daceb88175477dac280707ad6d95bcd6f1f"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"bytes",
|
|
|
|
"log",
|
|
|
|
"once_cell",
|
|
|
|
"paste",
|
|
|
|
"static_assertions",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_macros"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "12c65a5b12ec544ef136693af8759fb9d11aefce740fb76916721e876639033b"
|
|
|
|
dependencies = [
|
|
|
|
"bincode",
|
|
|
|
"camino",
|
|
|
|
"fs-err",
|
|
|
|
"once_cell",
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"serde",
|
|
|
|
"syn",
|
|
|
|
"toml",
|
|
|
|
"uniffi_meta",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_meta"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4a74ed96c26882dac1ca9b93ca23c827e284bacbd7ec23c6f0b0372f747d59e4"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"bytes",
|
|
|
|
"siphasher",
|
|
|
|
"uniffi_checksum_derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_testing"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6a6f984f0781f892cc864a62c3a5c60361b1ccbd68e538e6c9fbced5d82268ac"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"camino",
|
|
|
|
"cargo_metadata",
|
|
|
|
"fs-err",
|
|
|
|
"once_cell",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "uniffi_udl"
|
|
|
|
version = "0.28.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "037820a4cfc4422db1eaa82f291a3863c92c7d1789dc513489c36223f9b4cdfc"
|
|
|
|
dependencies = [
|
|
|
|
"anyhow",
|
|
|
|
"textwrap",
|
|
|
|
"uniffi_meta",
|
|
|
|
"uniffi_testing",
|
|
|
|
"weedle2",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "untrusted"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.9.0"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "url"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "2.5.4"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"form_urlencoded",
|
|
|
|
"idna",
|
|
|
|
"percent-encoding",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "utf16_iter"
|
|
|
|
version = "1.0.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "utf8_iter"
|
|
|
|
version = "1.0.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
|
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "utf8parse"
|
|
|
|
version = "0.2.2"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
|
|
|
|
|
2024-09-10 07:03:58 +03:00
|
|
|
[[package]]
|
|
|
|
name = "v_htmlescape"
|
|
|
|
version = "0.15.8"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4e8257fbc510f0a46eb602c10215901938b5c2a7d5e70fc11483b1d3c9b5b18c"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "valuable"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
|
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "vcpkg"
|
|
|
|
version = "0.2.15"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-06-07 09:52:19 +03:00
|
|
|
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
|
2023-05-17 07:36:51 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "version_check"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.9.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "walkdir"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "2.5.0"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
|
2023-05-17 07:36:51 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"same-file",
|
|
|
|
"winapi-util",
|
2023-05-17 07:36:51 +03:00
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wasi"
|
|
|
|
version = "0.11.0+wasi-snapshot-preview1"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
|
|
|
|
|
2024-04-08 05:46:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wasite"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wasm-bindgen"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.2.99"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"cfg-if",
|
2024-09-03 10:42:54 +03:00
|
|
|
"once_cell",
|
2023-06-07 09:52:19 +03:00
|
|
|
"wasm-bindgen-macro",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-backend"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.2.99"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"bumpalo",
|
|
|
|
"log",
|
2023-05-10 12:16:48 +03:00
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
"wasm-bindgen-shared",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-macro"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.2.99"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2023-06-07 09:52:19 +03:00
|
|
|
"quote",
|
|
|
|
"wasm-bindgen-macro-support",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2023-05-17 07:36:51 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-macro-support"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.2.99"
|
2023-05-17 07:36:51 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
|
2023-05-17 07:36:51 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2023-06-07 09:52:19 +03:00
|
|
|
"wasm-bindgen-backend",
|
|
|
|
"wasm-bindgen-shared",
|
2023-05-17 07:36:51 +03:00
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "wasm-bindgen-shared"
|
2024-12-13 16:04:06 +03:00
|
|
|
version = "0.2.99"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-12-13 16:04:06 +03:00
|
|
|
checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "webpki-roots"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.26.7"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e"
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
dependencies = [
|
|
|
|
"rustls-pki-types",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-12-10 06:43:34 +03:00
|
|
|
[[package]]
|
|
|
|
name = "weedle2"
|
|
|
|
version = "5.0.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "998d2c24ec099a87daf9467808859f9d82b61f1d9c9701251aea037f514eae0e"
|
|
|
|
dependencies = [
|
|
|
|
"nom",
|
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
2023-06-07 09:52:19 +03:00
|
|
|
name = "whoami"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "1.5.2"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "372d5b87f58ec45c384ba03563b03544dc5fadc3983e434b286913f5b4a9bb6d"
|
2024-04-08 05:46:13 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"redox_syscall",
|
2024-04-08 05:46:13 +03:00
|
|
|
"wasite",
|
|
|
|
]
|
2023-05-10 12:16:48 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi"
|
|
|
|
version = "0.3.9"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
|
|
|
|
dependencies = [
|
|
|
|
"winapi-i686-pc-windows-gnu",
|
|
|
|
"winapi-x86_64-pc-windows-gnu",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi-i686-pc-windows-gnu"
|
|
|
|
version = "0.4.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi-util"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.1.9"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-sys 0.59.0",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "winapi-x86_64-pc-windows-gnu"
|
|
|
|
version = "0.4.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.58.0"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "dd04d41d93c4992d421894c18c8b43496aa748dd4c081bac0dc93eb0489272b6"
|
2023-06-07 09:52:19 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-core 0.58.0",
|
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
2023-10-23 06:00:15 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows-core"
|
2024-04-19 23:14:13 +03:00
|
|
|
version = "0.52.0"
|
2023-10-23 06:00:15 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-04-19 23:14:13 +03:00
|
|
|
checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
|
2023-10-23 06:00:15 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
2023-10-23 06:00:15 +03:00
|
|
|
]
|
|
|
|
|
2024-05-16 12:15:58 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows-core"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.58.0"
|
2024-05-16 12:15:58 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "6ba6d44ec8c2591c134257ce647b7ea6b20335bf6379a27dac5f1641fcf59f99"
|
2024-05-16 12:15:58 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-implement",
|
|
|
|
"windows-interface",
|
2024-05-16 12:15:58 +03:00
|
|
|
"windows-result",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-strings",
|
|
|
|
"windows-targets 0.52.6",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-implement"
|
|
|
|
version = "0.58.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-interface"
|
|
|
|
version = "0.58.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
2024-05-16 12:15:58 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-result"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.2.0"
|
2024-05-16 12:15:58 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e"
|
2024-05-16 12:15:58 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-strings"
|
|
|
|
version = "0.1.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10"
|
|
|
|
dependencies = [
|
|
|
|
"windows-result",
|
|
|
|
"windows-targets 0.52.6",
|
2024-05-16 12:15:58 +03:00
|
|
|
]
|
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows-sys"
|
|
|
|
version = "0.48.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
|
|
|
|
dependencies = [
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows-targets 0.48.5",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-sys"
|
|
|
|
version = "0.52.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
|
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows-targets 0.52.6",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-sys"
|
|
|
|
version = "0.59.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
|
|
|
|
dependencies = [
|
|
|
|
"windows-targets 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-targets"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
|
2023-05-10 12:16:48 +03:00
|
|
|
dependencies = [
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows_aarch64_gnullvm 0.48.5",
|
|
|
|
"windows_aarch64_msvc 0.48.5",
|
|
|
|
"windows_i686_gnu 0.48.5",
|
|
|
|
"windows_i686_msvc 0.48.5",
|
|
|
|
"windows_x86_64_gnu 0.48.5",
|
|
|
|
"windows_x86_64_gnullvm 0.48.5",
|
|
|
|
"windows_x86_64_msvc 0.48.5",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows-targets"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
|
2024-04-19 23:14:13 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows_aarch64_gnullvm 0.52.6",
|
|
|
|
"windows_aarch64_msvc 0.52.6",
|
|
|
|
"windows_i686_gnu 0.52.6",
|
2024-04-19 23:14:13 +03:00
|
|
|
"windows_i686_gnullvm",
|
2024-09-03 10:42:54 +03:00
|
|
|
"windows_i686_msvc 0.52.6",
|
|
|
|
"windows_x86_64_gnu 0.52.6",
|
|
|
|
"windows_x86_64_gnullvm 0.52.6",
|
|
|
|
"windows_x86_64_msvc 0.52.6",
|
2023-05-10 12:16:48 +03:00
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_gnullvm"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_gnullvm"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_msvc"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_aarch64_msvc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_gnu"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_gnu"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_gnullvm"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_msvc"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_i686_msvc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnu"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnu"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnullvm"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
|
2023-05-10 12:16:48 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_gnullvm"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2023-05-10 12:16:48 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_msvc"
|
2023-08-31 11:39:19 +03:00
|
|
|
version = "0.48.5"
|
2023-08-29 13:07:05 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-31 11:39:19 +03:00
|
|
|
checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
|
2023-08-29 13:07:05 +03:00
|
|
|
|
2024-04-19 23:14:13 +03:00
|
|
|
[[package]]
|
|
|
|
name = "windows_x86_64_msvc"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.52.6"
|
2024-04-19 23:14:13 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
|
2024-04-19 23:14:13 +03:00
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "write16"
|
|
|
|
version = "1.0.0"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936"
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "writeable"
|
|
|
|
version = "0.5.5"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"
|
|
|
|
|
2023-08-29 13:07:05 +03:00
|
|
|
[[package]]
|
|
|
|
name = "wyz"
|
|
|
|
version = "0.5.1"
|
2023-05-10 12:16:48 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2023-08-29 13:07:05 +03:00
|
|
|
checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed"
|
|
|
|
dependencies = [
|
|
|
|
"tap",
|
|
|
|
]
|
|
|
|
|
2024-01-31 09:54:33 +03:00
|
|
|
[[package]]
|
|
|
|
name = "y-octo"
|
|
|
|
version = "0.0.1"
|
2024-09-03 10:42:54 +03:00
|
|
|
source = "git+https://github.com/y-crdt/y-octo.git?branch=main#45ac3de62de583ee666d8870435eb8c071d89250"
|
2024-01-31 09:54:33 +03:00
|
|
|
dependencies = [
|
|
|
|
"ahash",
|
|
|
|
"arbitrary",
|
|
|
|
"bitvec",
|
|
|
|
"byteorder",
|
|
|
|
"lasso",
|
|
|
|
"log",
|
|
|
|
"loom",
|
|
|
|
"nanoid",
|
|
|
|
"nom",
|
|
|
|
"ordered-float",
|
|
|
|
"rand",
|
|
|
|
"rand_chacha",
|
|
|
|
"rand_distr",
|
|
|
|
"serde",
|
|
|
|
"serde_json",
|
|
|
|
"smol_str",
|
|
|
|
"thiserror",
|
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "yoke"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.7.5"
|
2024-11-09 06:39:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40"
|
2024-11-09 06:39:11 +03:00
|
|
|
dependencies = [
|
|
|
|
"serde",
|
|
|
|
"stable_deref_trait",
|
|
|
|
"yoke-derive",
|
|
|
|
"zerofrom",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "yoke-derive"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.7.5"
|
2024-11-09 06:39:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
|
2024-11-09 06:39:11 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
"synstructure",
|
|
|
|
]
|
|
|
|
|
2023-11-27 10:24:07 +03:00
|
|
|
[[package]]
|
|
|
|
name = "zerocopy"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.7.35"
|
2023-11-27 10:24:07 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
|
2023-11-27 10:24:07 +03:00
|
|
|
dependencies = [
|
2024-09-03 10:42:54 +03:00
|
|
|
"byteorder",
|
2023-11-27 10:24:07 +03:00
|
|
|
"zerocopy-derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "zerocopy-derive"
|
2024-09-03 10:42:54 +03:00
|
|
|
version = "0.7.35"
|
2023-11-27 10:24:07 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-09-03 10:42:54 +03:00
|
|
|
checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
|
2023-11-27 10:24:07 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |
### GitHub Vulnerability Alerts
#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:
> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)
Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.
It appears SQLx _does_ perform truncating casts in a way that could be problematic,
for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163>
This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions `<= 0.8.0` are affected.
## Mitigation
As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.
[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint)
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the `Json<T>` and `Text<T>` adapters have no reasonable way to predict or estimate the final encoded size,
so they just return `size_of::<T>()` instead.
For web application backends, consider adding some middleware that limits the size of request bodies by default.
## Resolution
Work has started on a branch to add `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)
and to manually audit the code that they flag.
A fix is expected to be included in the `0.8.1` release (still WIP as of writing).
---
### Release Notes
<details>
<summary>launchbadge/sqlx (sqlx)</summary>
### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)
16 pull requests were merged this release cycle.
This release contains a fix for [RUSTSEC-2024-0363].
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
[#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)
MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.
##### Added
- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
- Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.
##### Changed
- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
- This is a helper module for the macros and was not meant to be exposed.
- It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
- RusTLS now has pluggable cryptography providers: `ring` (the existing implementation),
and `aws-lc-rs` which has optional FIPS certification.
- The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`)
enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
- Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
- If using `runtime-tokio-rustls` or `runtime-async-std-rustls`,
this will necessitate switching to the appropriate non-legacy runtime feature:
`runtime-tokio` or `runtime-async-std`
- See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers>
##### Fixed
- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
- This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html
### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)
[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)
70 pull requests were merged this release cycle.
[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
##### Breaking
- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
- Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
- Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
- Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
- Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
- Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
- (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
- Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
- integer decoding will now loudly error on overflow instead of silently truncating.
- some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
- Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
- Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
- Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
- Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error.
This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
- Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
- Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.
##### Added
- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]
##### Changed
- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
- Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
##### Fixed
- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.
[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-08-24 15:47:32 +03:00
|
|
|
"syn",
|
2024-06-11 12:07:25 +03:00
|
|
|
]
|
|
|
|
|
2024-11-09 06:39:11 +03:00
|
|
|
[[package]]
|
|
|
|
name = "zerofrom"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.1.5"
|
2024-11-09 06:39:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e"
|
2024-11-09 06:39:11 +03:00
|
|
|
dependencies = [
|
|
|
|
"zerofrom-derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "zerofrom-derive"
|
2024-11-28 06:26:09 +03:00
|
|
|
version = "0.1.5"
|
2024-11-09 06:39:11 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-11-28 06:26:09 +03:00
|
|
|
checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
|
2024-11-09 06:39:11 +03:00
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
"synstructure",
|
|
|
|
]
|
|
|
|
|
2023-06-07 09:52:19 +03:00
|
|
|
[[package]]
|
|
|
|
name = "zeroize"
|
2024-05-28 08:38:11 +03:00
|
|
|
version = "1.8.1"
|
2023-06-07 09:52:19 +03:00
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
2024-05-28 08:38:11 +03:00
|
|
|
checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
|
2024-11-09 06:39:11 +03:00
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "zerovec"
|
|
|
|
version = "0.10.4"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
|
|
|
|
dependencies = [
|
|
|
|
"yoke",
|
|
|
|
"zerofrom",
|
|
|
|
"zerovec-derive",
|
|
|
|
]
|
|
|
|
|
|
|
|
[[package]]
|
|
|
|
name = "zerovec-derive"
|
|
|
|
version = "0.10.3"
|
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
|
|
|
|
dependencies = [
|
|
|
|
"proc-macro2",
|
|
|
|
"quote",
|
|
|
|
"syn",
|
|
|
|
]
|