pborzenkov / koreader-syncd

KOReader progress sync server
MIT License
7 stars 1 forks source link

build(deps): bump sqlx from 0.8.0 to 0.8.1 #104

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps sqlx from 0.8.0 to 0.8.1.

Changelog

Sourced from sqlx's changelog.

0.8.1 - 2024-08-23

16 pull requests were merged this release cycle.

This release contains a fix for [RUSTSEC-2024-0363].

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: launchbadge/sqlx#3440

MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.

Added

  • [#3421]: correct spelling of MySqlConnectOptions::no_engine_substitution() [[@​kolinfluence]]
    • Deprecates MySqlConnectOptions::no_engine_subsitution() (oops) in favor of the correctly spelled version.

Changed

  • [#3376]: doc: hide spec_error module [[@​abonander]]
    • This is a helper module for the macros and was not meant to be exposed.
    • It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API. Use at your own risk.
  • [#3382]: feat: bumped to libsqlite3-sys=0.30.1 to support sqlite 3.46 [[@​CommanderStorm]]
  • [#3385]: chore(examples):Migrated the pg-chat example to ratatui [[@​CommanderStorm]]
  • [#3399]: Upgrade to rustls 0.23 [[@​djc]]
    • RusTLS now has pluggable cryptography providers: ring (the existing implementation), and aws-lc-rs which has optional FIPS certification.
    • The existing features activating RusTLS (runtime-tokio-rustls, runtime-async-std-rustls, tls-rustls) enable the ring provider of RusTLS to match the existing behavior so this should not be a breaking change.
    • Switch to the tls-rustls-aws-lc-rs feature to use the aws-lc-rs provider.
      • If using runtime-tokio-rustls or runtime-async-std-rustls, this will necessitate switching to the appropriate non-legacy runtime feature: runtime-tokio or runtime-async-std
    • See the RusTLS README for more details: https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers

Fixed

#2786: launchbadge/sqlx#2786 #3354: launchbadge/sqlx#3354 #3371: launchbadge/sqlx#3371

... (truncated)

Commits
  • 9c94ce8 chore: prepare release 0.8.1
  • 0aa0676 chore(mysql): create regression test for RUSTSEC-2024-0363
  • 791433a chore(sqlite): create regression test for RUSTSEC-2024-0363
  • b1539b6 chore(postgres): create regression test for RUSTSEC-2024-0363
  • 9e3ece4 fix(postgres): use checked decrement on pending_ready_for_query_count
  • 823261a fix(mysql): don't use an arbitrary cfg for one test
  • b5c218e fix(postgres): fix missing inversion on PgNumeric::is_valid_digit()
  • 394a7e8 fix(sqlite): fix unit and doctests
  • 27c5730 fix(mysql): fix doctests
  • 71f72e2 fix(mysql): add sqlx as a dev-dependency for doctests
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)