Skip to content

chore(deps): bump diesel from 2.3.6 to 2.3.8#2280

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/diesel-2.3.8
Open

chore(deps): bump diesel from 2.3.6 to 2.3.8#2280
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/diesel-2.3.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Bumps diesel from 2.3.6 to 2.3.8.

Changelog

Sourced from diesel's changelog.

[2.3.8] 2026-04-24

  • Added support for libsqlite3-sys 0.37.0
  • Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
  • Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
  • Added documentation for migration transaction behaviour at the crate root
  • Improved compile time error messages for #[derive(AsChangeset)]
  • Allow to use generic types in infix_operator!()
  • Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
    • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
    • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
    • Potential memory leaks in SqliteConnection::register_function
    • Access to padding bytes while serializing Date/time types in the Mysql backend
    • SQL Option Injection in PostgreSQL COPY FROM/TO
    • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
    • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
    • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

[2.3.7] 2026-03-13

  • Add support for libsqlite3-sys 0.36
  • Fix a potential resource leak if establishing a SqliteConnection fails.
Commits
  • 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
  • 895b5ba Prepare a 2.3.8 release
  • ea008d3 Fix several UB instances
  • 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
  • 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
  • d4a0495 Merge pull request #5035 from weiznich/bump/rust_1.95
  • 5e0289e Merge pull request #5027 from barry3406/fix/infix-operator-generic-types
  • 367c7f5 Merge pull request #5017 from ThunderComplex/feature/ignore_empty_dir_in_migr...
  • 305cc7a Merge pull request #5011 from ayarotsky/docs-transaction-behavior
  • 6797867 Merge pull request #5009 from XiaoPengMei/docs/clarify-insertable-serialize-a...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 6, 2026
@taddes
Copy link
Copy Markdown
Collaborator

taddes commented May 7, 2026

@dependabot rebase

@dependabot
chore(deps): bump diesel from 2.3.6 to 2.3.8
0dd9256 
Bumps [diesel](https://github.com/diesel-rs/diesel) from 2.3.6 to 2.3.8.
- [Release notes](https://github.com/diesel-rs/diesel/releases)
- [Changelog](https://github.com/diesel-rs/diesel/blob/main/CHANGELOG.md)
- [Commits](diesel-rs/diesel@v2.3.6...v2.3.8)

---
updated-dependencies:
- dependency-name: diesel
  dependency-version: 2.3.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/diesel-2.3.8 branch from 6a6fd8a to 0dd9256 Compare May 7, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@taddes