fix(deps): update rust crate sqlx to v0.8.1 #21

Merged

kjuulh merged 1 commits from renovate/all into main 2024-08-24 10:08:03 +02:00

Conversation 0 Commits 1 Files Changed 1 +42 -76

kjuulh commented 2024-08-24 10:07:54 +02:00

Owner

Copy Link

This PR contains the following updates:

Package	Type	Update	Change
sqlx	dependencies	patch	0.8.0 -> 0.8.1

---

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

launchbadge/sqlx (sqlx)

v0.8.1

Compare Source

16 pull requests were merged this release cycle.

This release contains a fix for RUSTSEC-2024-0363.

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
#​3440 (comment)

MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.

Added

• [#​3421]: correct spelling of MySqlConnectOptions::no_engine_substitution() [[@​kolinfluence]]
  • Deprecates MySqlConnectOptions::no_engine_subsitution() (oops) in favor of the correctly spelled version.

Changed

• [#​3376]: doc: hide spec_error module [[@​abonander]]
  • This is a helper module for the macros and was not meant to be exposed.
  • It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
    Use at your own risk.
• [#​3382]: feat: bumped to libsqlite3-sys=0.30.1 to support sqlite 3.46 [[@​CommanderStorm]]
• [#​3385]: chore(examples):Migrated the pg-chat example to ratatui [[@​CommanderStorm]]
• [#​3399]: Upgrade to rustls 0.23 [[@​djc]]
  • RusTLS now has pluggable cryptography providers: ring (the existing implementation),
    and aws-lc-rs which has optional FIPS certification.
  • The existing features activating RusTLS (runtime-tokio-rustls, runtime-async-std-rustls, tls-rustls)
    enable the ring provider of RusTLS to match the existing behavior so this should not be a breaking change.
  • Switch to the tls-rustls-aws-lc-rs feature to use the aws-lc-rs provider.
    • If using runtime-tokio-rustls or runtime-async-std-rustls,
      this will necessitate switching to the appropriate non-legacy runtime feature:
      runtime-tokio or runtime-async-std
  • See the RusTLS README for more details: https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers

Fixed

• [#​2786]: fix(sqlx-cli): do not clean sqlx during prepare [[@​cycraig]]
• [#​3354]: sqlite: fix inconsistent read-after-write [[@​ckampfe]]
• [#​3371]: Fix encoding and decoding of MySQL enums in sqlx::Type [[@​alu]]
• [#​3374]: fix: usage of node12 in SQLx action [[@​hamirmahal]]
• [#​3380]: chore: replace structopt with clap in examples [[@​tottoto]]
• [#​3381]: Fix CI after Rust 1.80, remove dead feature references [[@​abonander]]
• [#​3384]: chore(tests): fixed deprecation warnings [[@​CommanderStorm]]
• [#​3386]: fix(dependencys):bumped cargo_metadata to v0.18.1 to avoid yanked v0.14.3 [[@​CommanderStorm]]
• [#​3389]: fix(cli): typo in error for required DB URL [[@​ods]]
• [#​3417]: Update version to 0.8 in README [[@​soucosmo]]
• [#​3441]: fix: audit protocol handling [[@​abonander]]
  • This addresses RUSTSEC-2024-0363 and includes regression tests for MySQL, Postgres and SQLite.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [sqlx](https://github.com/launchbadge/sqlx) | dependencies | patch | `0.8.0` -> `0.8.1` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>launchbadge/sqlx (sqlx)</summary> ### [`v0.8.1`](https://github.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23) [Compare Source](https://github.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1) 16 pull requests were merged this release cycle. This release contains a fix for [RUSTSEC-2024-0363]. Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: [#&#8203;3440 (comment)](https://github.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901) MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless. ##### Added - \[[#&#8203;3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@&#8203;kolinfluence](https://github.com/kolinfluence)]] - Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version. ##### Changed - \[[#&#8203;3376]]: doc: hide `spec_error` module \[\[[@&#8203;abonander](https://github.com/abonander)]] - This is a helper module for the macros and was not meant to be exposed. - It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API. Use at your own risk. - \[[#&#8203;3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@&#8203;CommanderStorm](https://github.com/CommanderStorm)]] - \[[#&#8203;3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@&#8203;CommanderStorm](https://github.com/CommanderStorm)]] - \[[#&#8203;3399]]: Upgrade to rustls 0.23 \[\[[@&#8203;djc](https://github.com/djc)]] - RusTLS now has pluggable cryptography providers: `ring` (the existing implementation), and `aws-lc-rs` which has optional FIPS certification. - The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`) enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change. - Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider. - If using `runtime-tokio-rustls` or `runtime-async-std-rustls`, this will necessitate switching to the appropriate non-legacy runtime feature: `runtime-tokio` or `runtime-async-std` - See the RusTLS README for more details: <https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers> ##### Fixed - \[[#&#8203;2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@&#8203;cycraig](https://github.com/cycraig)]] - \[[#&#8203;3354]]: sqlite: fix inconsistent read-after-write \[\[[@&#8203;ckampfe](https://github.com/ckampfe)]] - \[[#&#8203;3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@&#8203;alu](https://github.com/alu)]] - \[[#&#8203;3374]]: fix: usage of `node12` in `SQLx` action \[\[[@&#8203;hamirmahal](https://github.com/hamirmahal)]] - \[[#&#8203;3380]]: chore: replace structopt with clap in examples \[\[[@&#8203;tottoto](https://github.com/tottoto)]] - \[[#&#8203;3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@&#8203;abonander](https://github.com/abonander)]] - \[[#&#8203;3384]]: chore(tests): fixed deprecation warnings \[\[[@&#8203;CommanderStorm](https://github.com/CommanderStorm)]] - \[[#&#8203;3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@&#8203;CommanderStorm](https://github.com/CommanderStorm)]] - \[[#&#8203;3389]]: fix(cli): typo in error for required DB URL \[\[[@&#8203;ods](https://github.com/ods)]] - \[[#&#8203;3417]]: Update version to 0.8 in README \[\[[@&#8203;soucosmo](https://github.com/soucosmo)]] - \[[#&#8203;3441]]: fix: audit protocol handling \[\[[@&#8203;abonander](https://github.com/abonander)]] - This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite. [#&#8203;2786]: https://github.com/launchbadge/sqlx/pull/2786 [#&#8203;3354]: https://github.com/launchbadge/sqlx/pull/3354 [#&#8203;3371]: https://github.com/launchbadge/sqlx/pull/3371 [#&#8203;3374]: https://github.com/launchbadge/sqlx/pull/3374 [#&#8203;3376]: https://github.com/launchbadge/sqlx/pull/3376 [#&#8203;3380]: https://github.com/launchbadge/sqlx/pull/3380 [#&#8203;3381]: https://github.com/launchbadge/sqlx/pull/3381 [#&#8203;3382]: https://github.com/launchbadge/sqlx/pull/3382 [#&#8203;3384]: https://github.com/launchbadge/sqlx/pull/3384 [#&#8203;3385]: https://github.com/launchbadge/sqlx/pull/3385 [#&#8203;3386]: https://github.com/launchbadge/sqlx/pull/3386 [#&#8203;3389]: https://github.com/launchbadge/sqlx/pull/3389 [#&#8203;3399]: https://github.com/launchbadge/sqlx/pull/3399 [#&#8203;3417]: https://github.com/launchbadge/sqlx/pull/3417 [#&#8203;3421]: https://github.com/launchbadge/sqlx/pull/3421 [#&#8203;3441]: https://github.com/launchbadge/sqlx/pull/3441 [RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjQuMyIsInVwZGF0ZWRJblZlciI6IjM3LjQyNC4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

kjuulh added 1 commit 2024-08-24 10:07:54 +02:00

fix(deps): update rust crate sqlx to v0.8.1 8886af4a8f

kjuulh scheduled this pull request to auto merge when all checks succeed 2024-08-24 10:07:55 +02:00

kjuulh merged commit 8886af4a8f into main 2024-08-24 10:08:03 +02:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kjuulh/hyperlog#21

No description provided.