Skip to content

Bump diesel from 2.3.6 to 2.3.8#22

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/diesel-2.3.8
Closed

Bump diesel from 2.3.6 to 2.3.8#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/diesel-2.3.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Bumps diesel from 2.3.6 to 2.3.8.

Changelog

Sourced from diesel's changelog.

[2.3.8] 2026-04-24

  • Added support for libsqlite3-sys 0.37.0
  • Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
  • Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
  • Added documentation for migration transaction behaviour at the crate root
  • Improved compile time error messages for #[derive(AsChangeset)]
  • Allow to use generic types in infix_operator!()
  • Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
    • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
    • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
    • Potential memory leaks in SqliteConnection::register_function
    • Access to padding bytes while serializing Date/time types in the Mysql backend
    • SQL Option Injection in PostgreSQL COPY FROM/TO
    • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
    • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
    • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

[2.3.7] 2026-03-13

  • Add support for libsqlite3-sys 0.36
  • Fix a potential resource leak if establishing a SqliteConnection fails.
Commits
  • 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
  • 895b5ba Prepare a 2.3.8 release
  • ea008d3 Fix several UB instances
  • 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
  • 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
  • d4a0495 Merge pull request #5035 from weiznich/bump/rust_1.95
  • 5e0289e Merge pull request #5027 from barry3406/fix/infix-operator-generic-types
  • 367c7f5 Merge pull request #5017 from ThunderComplex/feature/ignore_empty_dir_in_migr...
  • 305cc7a Merge pull request #5011 from ayarotsky/docs-transaction-behavior
  • 6797867 Merge pull request #5009 from XiaoPengMei/docs/clarify-insertable-serialize-a...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump diesel from 2.3.6 to 2.3.8
ee6554e 
Bumps [diesel](https://github.com/diesel-rs/diesel) from 2.3.6 to 2.3.8.
- [Release notes](https://github.com/diesel-rs/diesel/releases)
- [Changelog](https://github.com/diesel-rs/diesel/blob/main/CHANGELOG.md)
- [Commits](diesel-rs/diesel@v2.3.6...v2.3.8)

---
updated-dependencies:
- dependency-name: diesel
  dependency-version: 2.3.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 6, 2026
@DorianCoding DorianCoding self-assigned this May 6, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 6, 2026

Looks like diesel is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 6, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/diesel-2.3.8 branch May 6, 2026 18:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@DorianCoding DorianCoding

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DorianCoding