chore(deps): bump diesel from 2.2.10 to 2.3.9 by dependabot[bot] · Pull Request #393 · cipherstash/proxy

dependabot · 2026-05-06T09:31:46Z

Bumps diesel from 2.2.10 to 2.3.9.

Changelog

[2.3.9] 2026-04-30

Removed a dbg! statement from the Mysql backend that caused unwanted output

Fix a regression in #[derive(AsChangeset)] introduced in 2.3.8 where structs with a type or const generic parameter referenced in a field type failed to compile with error[E0425]: cannot find type 'T' in this scope. The diagnostic helper functions added to improve AsChangeset error messages now forward all generic parameters of the input struct, not only lifetimes.

[2.3.8] 2026-04-24

Added support for libsqlite3-sys 0.37.0

Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause

Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)

Added documentation for migration transaction behaviour at the crate root

Improved compile time error messages for #[derive(AsChangeset)]

Allow to use generic types in infix_operator!()

Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:

Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String

Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions

Potential memory leaks in SqliteConnection::register_function

Access to padding bytes while serializing Date/time types in the Mysql backend

SQL Option Injection in PostgreSQL COPY FROM/TO

Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite

Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>

Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

[2.3.7] 2026-03-13

Add support for libsqlite3-sys 0.36

Fix a potential resource leak if establishing a SqliteConnection fails.

[2.3.6] 2026-01-23

Added support for mysqlclient-sys 0.5.0

Fix generating valid schema if a column is named table

Fixed a regression with #[derive(Insertable)] if the same field type is used with different lifetime values

[2.3.5] 2025-12-19

Fix another libmariadb related issue with time types

Improve compile time error messages for #[derive(Insertable)]

Bump supported version of sqlite-wasm-rs to 0.5.0

Minor documentation fixes

Make the returning_clauses_for_sqlite_3_35 feature enable the sqlite feature by default

Include a fix for a nightly rust name resolution ambiguity

[2.3.4] 2025-11-26

Fix an issue with breaking changes in libmariadb

Fix documentation links for helper types

Fix using #[diesel(embed)] with Option<Inner> types

Fix documentation for concurrent migration runs

... (truncated)

Commits

2e7eb35 Also bump derives version
b3a16a3 Merge pull request #5046 from apastrana6/ap/fix-derive-as-changeset
9f0a6c1 Prepare a 2.3.9 release
adcc896 Enable some clippy lints to prevent having dbg in a release again
66760df Remove MySQL time serializer debug output
58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
895b5ba Prepare a 2.3.8 release
ea008d3 Fix several UB instances
64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [diesel](https://github.com/diesel-rs/diesel) from 2.2.10 to 2.3.9. - [Release notes](https://github.com/diesel-rs/diesel/releases) - [Changelog](https://github.com/diesel-rs/diesel/blob/main/CHANGELOG.md) - [Commits](diesel-rs/diesel@v2.2.10...v2.3.9) --- updated-dependencies: - dependency-name: diesel dependency-version: 2.3.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump diesel from 2.2.10 to 2.3.9#393

chore(deps): bump diesel from 2.2.10 to 2.3.9#393
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/diesel-2.3.9

dependabot Bot commented on behalf of github May 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 6, 2026

[2.3.9] 2026-04-30

[2.3.8] 2026-04-24

[2.3.7] 2026-03-13

[2.3.6] 2026-01-23

[2.3.5] 2025-12-19

[2.3.4] 2025-11-26

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants