fix(deps): update rust crate sqlx to 0.9

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
sqlx	dependencies	minor	0.8 → 0.9

---

Release Notes

launchbadge/sqlx (sqlx)

v0.9.0

Compare Source

Important Announcements

New Github Organization

Shortly after this release is published, the SQLx repository will be transferred to a new GitHub organization:
https://github.com/transact-rs/

This is because SQLx has not been owned or maintained by LaunchBadge, LLC. for a few years now, and has since been
informally transferred to the collective ownership of its principal authors. Moving the repository to a new
organization makes this change more clear, and also allows for potentially inviting outside collaborators.

Cargo.lock Removed from Tracking

The Cargo.lock has been removed from tracking in Git. CI should now always test with the latest versions of
all dependencies by default, alongside our pass that checks with cargo generate-lockfile -Z minimal-versions.

This should eliminate the need for any PRs that update dependencies to also update Cargo.lock or
contend with an endless stream of merge conflicts against it.

N.B. cargo install --locked sqlx-cli will no longer work. However, cargo install sqlx-cli has always
used the latest dependencies by default, ignoring the lockfile, so most users should not be affected. For users
requiring reproducible builds, consider maintaining your own lockfile instead; historically, we only ran cargo update
sporadically, so relying on SQLx's lockfile offered few guarantees anyway.

See the manual page for cargo install for details.

Breaking

As per our MSRV policy, the supported Rust version for this release cycle is 1.94.0.

• [#​3383]: feat: create sqlx.toml format [[@​abonander]]
  • SQLx and sqlx-cli now support per-crate configuration files (sqlx.toml)
  • New functionality includes, but is not limited to:
    • Rename DATABASE_URL for a crate (for multi-database workspaces)
    • Set global type overrides for the macros (supporting custom types)
    • Rename or relocate the _sqlx_migrations table (for multiple crates using the same database)
    • Set characters to ignore when hashing migrations (e.g. ignore whitespace)
  • More to be implemented in future releases.
  • Enable feature sqlx-toml to use.
    • sqlx-cli has it enabled by default, but sqlx does not.
    • Default features of library crates can be hard to completely turn off because of feature unification,
      so it's better to keep the default feature set as limited as possible.
      This is something we learned the hard way.
  • Guide: see sqlx::_config module in documentation.
  • Reference: [Link]
  • Examples (written for Postgres but can be adapted to other databases; PRs welcome!):
    • Multiple databases using DATABASE_URL renaming and global type overrides: [Link]
    • Multi-tenant database using _sqlx_migrations renaming and multiple schemas: [Link]
    • Force use of chrono when time is enabled (e.g. when using tower-sessions-sqlx-store): [Link]
      • Forcing bigdecimal when rust_decimal is enabled is also shown, but problems with chrono/time are more common.
  • Breaking changes:
    • Significant changes to the Migrate trait
    • sqlx::migrate::resolve_blocking() is now #[doc(hidden)] and thus SemVer-exempt.
• [#​3486]: fix(logs): Correct spelling of aquired_after_secs tracing field [[@​iamjpotts]]
  • Breaking behavior change: implementations parsing tracing logs from SQLx will need to update the spelling.
• [#​3495]: feat(postgres): remove lifetime from PgAdvisoryLockGuard [[@​bonsairobo]]
• [#​3526]: Return &mut Self from the migrator set_ methods [[@​nipunn1313]]
  • Minor breaking change: Migrator::set_ignore_missing and set_locking now return &mut Self instead of &Self
    which may break code in rare circumstances.
• [#​3541]: Postgres: force generic plan for better nullability inference. [[@​joeydewaal]]
  • Breaking change: may alter the output of the query!() macros for certain queries in Postgres.
• [#​3613]: fix: RawSql lifetime issues [[@​abonander]]
  • Breaking change: adds DB type parameter to all methods of RawSql
• [#​3670]: Bump ipnetwork to v0.21.1 [[@​BeauGieskens]]
• [#​3674]: Implement Decode, Encode and Type for Box, Arc, Cow and Rc [[@​joeydewaal]]
  • Breaking change: impl Decode for Cow now always decodes Cow::Owned, lifetime is unlinked
  • See this discussion for motivation: #​3674 (comment)
• [#​3723]: Add SqlStr [[@​joeydewaal]]
  • Breaking change: all query*() functions now take impl SqlSafeStr
    which is only implemented for &'static str and AssertSqlSafe.
    For all others, wrap in AssertSqlSafe(<query>).
  • This, along with [#​3960], finally allows returning owned queries as the type will be Query<'static, DB>.
  • SqlSafeStr trait is deliberately similar to std::panic::UnwindSafe,
    serving as a speedbump to warn users about naïvely building queries with format!()
    while allowing a workaround for advanced usage that is easy to spot on code review.
• [#​3800]: Escape PostgreSQL Options [[@​V02460]]
  • Breaking behavior change: options passed to PgConnectOptions::options() are now automatically escaped.
    Manual escaping of options is no longer necessary and may cause incorrect behavior.
• [#​3821]: Groundwork for 0.9.0-alpha.1 [[@​abonander]]
  • Increased MSRV to 1.86 and set rust-version
  • Deleted deprecated combination runtime+TLS features (e.g. runtime-tokio-native-tls)
  • Deleted re-export of unstable TransactionManager trait in sqlx.
    • Not technically a breaking change because it's #[doc(hidden)],
      but it will break SeaORM if not proactively fixed.
• [#​3924]: breaking(mysql): assume all non-binary collations compatible with str [[@​abonander]]
  • Text (or text-like) columns which previously were inferred to be Vec<u8> will be inferred to be String
    (this should ultimately fix more code than it breaks).
  • SET NAMES utf8mb4 COLLATE utf8_general_ci is no longer sent by default; instead, SET NAMES utf8mb4 is sent to
    allow the server to select the appropriate default collation (since this is version- and configuration-dependent).
  • MySqlConnectOptions::charset() and ::collation() now imply ::set_names(true) because they don't do anything otherwise.
  • Setting charset doesn't change what's sent in the Protocol::HandshakeResponse41 packet as that normally only
    matters for error messages before SET NAMES is sent.
    The default collation if set_names = false is utf8mb4_general_ci.
  • See this comment for details.
  • Incidental breaking change: RawSql::fetch_optional() now returns sqlx::Result<Option<DB::Row>>
    instead of sqlx::Result<DB::Row>. Whoops.
• [#​3928]: breaking(sqlite): libsqlite3-sys versioning, feature flags, safety changes [[@​abonander]]
  • SemVer policy changes: libsqlite3-sys version is now specified using a range.
    The maximum of the range may now be increased in any backwards-compatible release.
    The minimum of the range may only be increased in major releases.
    If you have libsqlite3-sys in your dependencies, Cargo should choose a compatible version automatically.
    If otherwise unconstrained, Cargo should choose the latest version supported.
  • SQLite extension loading (including through the new sqlx-toml feature) is now unsafe.
  • Added new non-default features corresponding to conditionally compiled SQLite APIs:
    • sqlite-deserialize enabling SqliteConnection::serialize() and SqliteConnection::deserialize()
    • sqlite-load-extension enabling SqliteConnectOptions::extension() and ::extension_with_entrypoint()
    • sqlite-unlock-notify enables internal use of sqlite3_unlock_notify()
  • SqliteValue and SqliteValueRef changes:
    • The sqlite3_value* interface reserves the right to be stateful.
      Without protection, any call could theoretically invalidate values previously returned, leading to dangling pointers.
    • SqliteValue is now !Sync and SqliteValueRef is !Send to prevent data races from concurrent accesses.
      • Instead, clone or wrap the SqliteValue in Mutex, or convert the SqliteValueRef to an owned value.
    • SqliteValue and any derived SqliteValueRefs now internally track if that value has been used to decode a
      borrowed &[u8] or &str and errors if it's used to decode any other type.
    • This is not expected to affect the vast majority of usages, which should only decode a single type
      per SqliteValue/SqliteValueRef.
    • See new docs on SqliteValue for details.
• [#​3949]: Postgres: move PgLTree::from to From<Vec<PgLTreeLabel>> implementation [[@​JerryQ17]]
• [#​3957]: refactor(sqlite): do not borrow bound values, delete lifetime on SqliteArguments [[@​iamjpotts]]
• [#​3958]: refactor(any): Remove lifetime parameter from AnyArguments [[@​iamjpotts]]
• [#​3960]: refactor(core): Remove lifetime parameter from Arguments trait [[@​iamjpotts]]
• [#​3993]: Unescape PostgreSQL passfile password [[@​V02460]]
  • Previously, .pgpass file handling did not process backslash-escapes in the password part.
    Now it does, which may change what password is sent to the server.
• [#​4008]: make #[derive(sqlx::Type)] automatically generate impl PgHasArrayType by default for newtype structs [[@​papaj-na-wrotkach]]
  • Manual implementations of PgHasArrayType for newtypes will conflict with the generated one.
    Delete the manual impl or add #[sqlx(no_pg_array)] where conflicts occur.
• [#​4077]: breaking: make offline optional to allow building without serde [[@​CathalMullan]]
• [#​4094]: Bump bit-vec to v0.8 [[@​zennozenith]]
• [#​4142]: feat(mysql): add mysql-rsa feature for non-TLS RSA auth [[@​dertin]]
  • Connections requiring RSA password encryption now need to enable the mysql-rsa feature
    or an error will be generated at runtime. RSA encryption is only used for plaintext (non-TLS) connections.
• [#​4255]: breaking(any+mysql): correctly convert text and blob types to AnyTypeInfo [[@​abonander]]

Added

• [#​3641]: feat(Postgres): support nested domain types [[@​joeydewaal]]
• [#​3651]: Add PgBindIter for encoding and use it as the implementation encoding &[T] [[@​tylerhawkes]]
• [#​3675]: feat: implement Encode, Decode, Type for Arc<str> and Arc<[u8]> (and Rc equivalents) [[@​joeydewaal]]
• [#​3791]: Smol+async global executor 1.80 dev [[@​martin-kolarik]]
  • Adds runtime-smol and runtime-async-global-executor features to replace usages of the deprecated async-std crate.
• [#​3859]: Add more JsonRawValue encode/decode impls. [[@​Dirbaio]]
• [#​3881]: CLi: made cli-lib modules publicly available for other crates [[@​silvestrpredko]]
• [#​3889]: Compile-time support for external drivers [[@​bobozaur]]
• [#​3917]: feat(sqlx.toml): support SQLite extensions in macros and sqlx-cli [[@​djarb]]
• [#​3918]: Feature: Add exclusion violation error kind [[@​barskern]]
• [#​3971]: Allow single-field named structs to be transparent [[@​Xiretza]]
• [#​4015]: feat(sqlite): no_tx migration support [[@​AlexTMjugador]]
• [#​4020]: Add Migrator::with_migrations() constructor [[@​xb284524239]]
• [#​3846]: Add the possibility to skip migrations [[@​Dosenpfand]]
• [#​4107]: Add SQLite extension entrypoint config to sqlx.toml, update SQLite extension example [[@​supleed2]]
• [#​4118]: [postgres] Display line number in error message [[@​mousetail]]
• [#​4123]: feat: add Json::into_inner() [[@​chrxn1c]]
• [#​4153]: Add on unimplemented diagnostic to SqlStr [[@​joeydewaal]]
• [#​4167]: add sqlite serialize/deserialize example [[@​mattrighetti]]
• [#​4228]: sqlx-postgres: Make PgNotification struct clone [[@​michaelvanstraten]]

Changed

• [#​3525]: Remove unnecessary boxfutures [[@​joeydewaal]]
• [#​3867]: sqlx-postgres: Bump etcetera to 0.10.0 [[@​miniduikboot]]
• [#​3709]: chore: replace once_cell OnceCell/Lazy with std OnceLock/LazyLock [[@​paolobarbolini]]
• [#​3890]: feat: Unify Debug implementations across PgRow, MySqlRow and SqliteRow [[@​davidcornu]]
• [#​3911]: chore: upgrade async-io to v2.4.1 [[@​zebrapurring]]
• [#​3938]: Move QueryLogger back [[@​joeydewaal]]
• [#​3956]: chore(sqlite): Remove unused test of removed git2 feature [[@​iamjpotts]]
• [#​3962]: Give SQLX_OFFLINE_DIR from environment precedence in macros [[@​psionic-k]]
• [#​3968]: chore(ci): Add timeouts to ci jobs [[@​iamjpotts]]
• [#​4002]: sqlx-postgres(tests): cleanup 2 unit tests. [[@​joeydewaal]]
• [#​4022]: refactor: tweaks after #​3791 [[@​abonander]]
• [#​4257]: Prefer to give real data to .bind() in README.md [[@​sobolevn]]
• [#​4042]: Update to webpki-roots 1 [[@​tottoto]]
• [#​4072]: chore: update hashlink to v0.11.0 [[@​anmolitor]]
• [#​4143]: Bump whoami to v2 [[@​tisonkun]]
• [#​4161]: sqlx-sqlite: relax libsqlite3-sys constraint to allow 0.36.x [[@​darioAnongba]]
• [#​4173]: ci: check direct minimal versions [[@​ricochet]]
  • Note: reverted in 0.9.0 release but still listed for contributor credit. See end of PR thread for details.
• [#​4189]: Bump flume to 0.12.0 [[@​opoplawski]]
• [#​4223]: test(sqlite): add regression test for ORDER BY + LIMIT nullability (#​4147) [[@​barry3406]]
• [#​4230]: chore: Update to cargo_metadata 0.23 [[@​tottoto]]
• [#​4233]: Change reference to dotenvy [[@​graemer957]]
• [#​4235]: chore: Update to validator 0.20 [[@​tottoto]]
• [#​4253]: chore: update example to axum 0.8 [[@​tottoto]]
• Release PR:
  • Upgraded all Rust-Crypto crates, rand
  • Upgraded etcetera to 0.11.0
  • Increased max of libsqlite3-sys version range to <0.38.0

Fixed

• [#​3840]: Fix docs.rs build of sqlx-sqlite [[@​gferon]]
• [#​3848]: fix(macros): don't mutate environment variables [[@​joeydewaal]]
• [#​3856]: fix(macros): slightly improve unsupported type error message [[@​dyc3]]
• [#​3857]: fix(mysql): validate parameter count for prepared statements [[@​cvzx]]
• [#​3861]: Fix NoHostnameTlsVerifier for rustls 0.23.24 and above [[@​elichai]]
• [#​3863]: Use unnamed statement in pg when not persistent [[@​ThomWright]]
• [#​3874]: Further reduce dependency on futures and futures-util [[@​paolobarbolini]]
• [#​3886]: fix: use Executor::fetch in QueryAs::fetch [[@​bobozaur]]
• [#​3910]: feat(ok): add correct handling of ok packets in MYSQL implementation [[@​0xfourzerofour]]
• [#​3914]: fix: regenerate test certificates [[@​abonander]]
• [#​3915]: fix: spec_error is used by try_from derive [[@​saiintbrisson]]
• [#​3919]: fix[sqlx-postgres]: do a checked_mul to prevent panic'ing [[@​nhatcher-frequenz]]
• [#​3923]: sqlx-mysql: Fix bug in cleanup test db's. [[@​joeydewaal]]
• [#​3950]: chore: Fix warnings for custom postgres_## cfg flags [[@​iamjpotts]]
• [#​3952]: Pool.close: close all connections before returning [[@​jpmelos]]
• [#​3975]: fix documentation for rustls native root certificates [[@​2ndDerivative]]
• [#​3977]: refactor(ci): Use separate job for postgres ssl auth tests [[@​iamjpotts]]
• [#​3980]: Correctly ROLLBACK transaction when dropped during BEGIN. [[@​kevincox]]
• [#​3981]: SQLite: fix transaction level accounting with bad custom command. [[@​kevincox]]
• [#​3986]: chore(core): Fix docstring for Query::try_bind [[@​iamjpotts]]
• [#​3987]: chore(deps): Resolve deprecation warning for chrono Date and ymd methods [[@​iamjpotts]]
• [#​3988]: refactor(sqlite): Resolve duplicate test target warning for macros.rs [[@​iamjpotts]]
• [#​3989]: chore(deps): Set default-features=false on sqlx in workspace.dependencies [[@​iamjpotts]]
• [#​3991]: fix(sqlite): regression when decoding nulls [[@​abonander]]
• [#​4006]: PostgreSQL SASL – run SHA256 in a blocking executor [[@​ThomWright]]
• [#​4007]: fix(compose): use OS-assigned ports for all conatiners [[@​papaj-na-wrotkach]]
• [#​4009]: Drop cached db connections in macros upon hitting an error [[@​swlynch99]]
• [#​4024]: fix(sqlite) Migrate revert with no-transaction [[@​Dosenpfand]]
• [#​4027]: native tls handshake: build TlsConnector in blocking threadpool [[@​daviduebler]]
• [#​4053]: fix(macros): smarter .env loading, caching, and invalidation [[@​abonander]]
  • Additional credit to [[@​AlexTMjugador]] ([#​4018]) and [[@​Diggsey]] ([#​4039]) for their proposed solutions
    which served as a useful comparison.
• [#​4068]: Fix typo in migration example from 'uesrs' to 'users' [[@​squidpickles]]
• [#​4069]: fix some spelling issues [[@​joeydewaal]]
• [#​4086]: fix(mysql): Work around for Issue #​2206 (ColumnNotFound error when querying) [[@​duelafn]]
• [#​4088]: (Fix) Handle nullability of SQLite rowid alias columns [[@​Lege19]]
• [#​4100]: postgres: update pgpass path on windows [[@​joeydewaal]]
• [#​4134]: fix CI: replace removed macOS runner, deprecated use of Command::cargo_bin() [[@​abonander]]
• [#​4136]: Ensure Deterministic Migration Order [[@​aoengin]]
• [#​4158]: Fix panic in JSONB decoder on invalid version byte [[@​jrey8343]]
• [#​4165]: sqlx-postgres: fix correct operator precedence in byte length check [[@​cuiweixie]]
• [#​4171]: fix(postgres): remove home crate in favor of std::env::home_dir [[@​ricochet]]
• [#​4172]: fix(sqlx-cli): bump openssl minimum to 0.10.46 [[@​ricochet]]
• [#​4176]: fix(mysql): return error instead of panic on truncated OK packet [[@​cvzx]]
• [#​4199]: fix(postgres): make advisory lock cancel safe [[@​joeydewaal]]
• [#​4201]: Fix SCRAM password SASLprep [[@​var4yn]]
• [#​4202]: fix: replace from_utf8_unchecked with from_utf8_lossy in SqliteError [[@​joaquinhuigomez]]
• [#​4203]: fix: use sqlite3_value_text for REGEXP to match SQLite coercion [[@​joaquinhuigomez]]
• [#​4219]: sqlite: lossily coerce invalid UTF-8 in custom collation callback [[@​joaquinhuigomez]]
• [#​4221]: fix: replace from_utf8_unchecked with from_utf8 in SQLite column name handling [[@​barry3406]]
• [#​4226]: fix(postgres): use non-prepared statements for metadata queries [[@​abonander]]
• [#​4227]: fix(macros-core): update unstable proc_macro APIs for recent nightly [[@​barry3406]]
• [#​4234]: fix: Use correct path in error when failing to create tmp dir in prepare [[@​Miesvanderlippe]]
• [#​4245]: fix(mysql): repair caching_sha2_password fast-auth path [[@​altmannmarcelo]]
• [#​4251]: fix(tls): potential deadlock in StdSocket::poll_ready() [[@​abonander]]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[doubleword-code]

Summary

This PR updates the sqlx dependency from version 0.8 to 0.9, a major version upgrade with several breaking changes. The changelog shows this release includes significant API changes, particularly around query building and migration handling.

Verdict: Needs changes - There are breaking API changes that will cause compilation failures in the current codebase.

Research notes

I reviewed the sqlx 0.9.0 changelog which documents the following key breaking changes:

1. #3723 - SqlStr introduction: All query*() functions now take impl SqlSafeStr which is only implemented for &'static str and AssertSqlSafe. String literals work fine, but dynamically built queries using format!() must now be wrapped in AssertSqlSafe().

2. #3383 - Migrate trait changes: Significant changes to the Migrate trait, though the codebase only uses sqlx::migrate!() macro which should be unaffected.

3. #3541 - Postgres nullability inference: May alter output of query!() macros for certain queries - should verify type annotations still match.

4. #3960 - Arguments trait lifetime removed: Could affect custom argument binding, though no custom implementations found in this codebase.

5. MSRV increased to Rust 1.94.0: The project must ensure it's running on Rust 1.94+.

6. Deleted deprecated runtime+TLS combination features: The PR correctly keeps runtime-tokio and tls-rustls as separate features.

Suggested next steps

1. Blocking: Wrap the two format!() query usages in AssertSqlSafe() (see inline comments)
2. Non-blocking: Run full test suite to catch any type inference changes from #3541
3. Non-blocking: Verify Rust MSRV is 1.94.0 or higher
4. Non-blocking: Run cargo sqlx prepare after upgrade to regenerate .sqlx/ cache

General findings

The upgrade is straightforward for most usage patterns - string literal queries will continue to work without modification. However, the two dynamic query constructions using format!() will fail to compile without the AssertSqlSafe wrapper. This is an intentional design change in sqlx 0.9 to make SQL injection risks more visible at code review time.

No usage of the affected Migrator methods (set_ignore_missing, set_locking, resolve_blocking) was found, so those breaking changes don't impact this codebase.

The feature flags used (runtime-tokio, postgres, uuid, chrono, json, tls-rustls) are all still valid in 0.9.

General findings (auto-demoted from inline due to pre-validation)

• Blocking src/manager/postgres.rs:3723 — This format!() call will fail to compile after upgrading to sqlx 0.9.
  • (demoted: path "src/manager/postgres.rs" is not in the PR diff)
• Blocking src/manager/postgres.rs:3755 — This format!() call will fail to compile after upgrading to sqlx 0.9.
  • (demoted: path "src/manager/postgres.rs" is not in the PR diff)

[doubleword-code]

Blocking: This sqlx 0.9 upgrade introduces a breaking change that will cause compilation failures in this file.

Why it matters: In sqlx 0.9, PR #3723 introduced the SqlSafeStr trait which all query*() functions now require. This trait is only implemented for &'static str and AssertSqlSafe<String>. The two uses of format!() to build dynamic SQL queries below (lines 3723 and 3755) will fail to compile because String no longer implements the required trait bound.

From the sqlx 0.9 changelog:

Breaking change: all query*() functions now take impl SqlSafeStr which is only implemented for &'static str and AssertSqlSafe. For all others, wrap in AssertSqlSafe(<query>).

Suggested fix: Import sqlx::AssertSqlSafe and wrap the format!() calls:

use sqlx::AssertSqlSafe;

// Line ~3723
let plan_json: serde_json::Value = sqlx::query_scalar(AssertSqlSafe(&format!(
    // ...
)))

// Line ~3755  
let data: Vec<crate::request::RequestSummary> = sqlx::query_as(AssertSqlSafe(&format!(
    // ...
)))

Note: You may need to pass AssertSqlSafe(format!(...)) directly (without &) depending on the exact signature, as AssertSqlSafe wraps the String itself.