Skip to content

build(deps): bump diesel_derives from 2.3.7 to 2.3.8#6538

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/diesel_derives-2.3.8
Open

build(deps): bump diesel_derives from 2.3.7 to 2.3.8#6538
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/diesel_derives-2.3.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026
edited
Loading

Bumps diesel_derives from 2.3.7 to 2.3.8.

Changelog

Sourced from diesel_derives's changelog.

[2.3.8] 2026-04-24

  • Added support for libsqlite3-sys 0.37.0
  • Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
  • Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
  • Added documentation for migration transaction behaviour at the crate root
  • Improved compile time error messages for #[derive(AsChangeset)]
  • Allow to use generic types in infix_operator!()
  • Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
    • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
    • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
    • Potential memory leaks in SqliteConnection::register_function
    • Access to padding bytes while serializing Date/time types in the Mysql backend
    • SQL Option Injection in PostgreSQL COPY FROM/TO
    • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
    • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
    • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)
Commits
  • 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
  • 895b5ba Prepare a 2.3.8 release
  • ea008d3 Fix several UB instances
  • 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
  • 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
  • d4a0495 Merge pull request #5035 from weiznich/bump/rust_1.95
  • 5e0289e Merge pull request #5027 from barry3406/fix/infix-operator-generic-types
  • 367c7f5 Merge pull request #5017 from ThunderComplex/feature/ignore_empty_dir_in_migr...
  • 305cc7a Merge pull request #5011 from ayarotsky/docs-transaction-behavior
  • 6797867 Merge pull request #5009 from XiaoPengMei/docs/clarify-insertable-serialize-a...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Apr 28, 2026
@dependabot
build(deps): bump diesel_derives from 2.3.7 to 2.3.8
89c966c 
Bumps [diesel_derives](https://github.com/diesel-rs/diesel) from 2.3.7 to 2.3.8.
- [Release notes](https://github.com/diesel-rs/diesel/releases)
- [Changelog](https://github.com/diesel-rs/diesel/blob/main/CHANGELOG.md)
- [Commits](diesel-rs/diesel@v2.3.7...v2.3.8)

---
updated-dependencies:
- dependency-name: diesel_derives
  dependency-version: 2.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/diesel_derives-2.3.8 branch from 646b273 to 89c966c Compare April 28, 2026 09:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants