fix(deps): update rust crate libsqlite3-sys to 0.25.1 [security] #162
+1
−1
This PR contains the following updates:
0.9.1 -> 0.25.1
GitHub Vulnerability Alerts
CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Release Notes
rusqlite/rusqlite (libsqlite3-sys)
v0.25.1: rusqlite 0.25.1, libsqlite3-sys 0.22.1
v0.25.0: 0.25.0
- ToSql implementations for u64 and usize #826 / #821
- FromSql for u64, usize and f32, and ToSql for f32 #823 / #822 / #821
- create_scalar_function #825
- Batch iterator #824 / #803
- #[inline] and #[cold] in far more places #834
- optional() requires import of trait rusqlite::OptionalExtension #842
- time to appease deps.rs #849
- get_connection method to function context #867
- get_raw to get_ref_unwrap and get_raw_checked to get_ref #838
v0.24.2: rusqlite 0.24.2
v0.24.2 is identical to v0.24.1 except it allows building with an older version of smallvec, as the newer one caused meaningful performance issues in Firefox.
See https://github.com/rusqlite/rusqlite/pull/855 for more info.
v0.24.1: rusqlite 0.24.1, libsqlite3-sys 0.20.1
- The lru-cache crate has been replaced with hashlink, which may fix panics on Rust nightly caused by unsoundness in some versions of the lru-cache crate (#811).
- A positional BLOB I/O API has been added, which more closely mirrors SQLite's actual BLOB I/O API, and is similar to unix-style pwrite/pread. (#780).
- A winsqlite3 feature has been added to both rusqlite and libsqlite3-sys which allows linking against the SQLite present in newer versions of Windows 10 (#796).
- Rusqlite's iterator types are now #[must_use] (#799).
- Several dependencies have been updated.
v0.24.0: rusqlite 0.24.0, libsqlite-sys 0.20.0
- time v0.2 and put it behind a feature flag (#653)
- TryFrom<&Row<'_>> for (...)
  This change implements TryFrom<&Row> for tuples up to 16 fields. This is a convenience function that can be used to map rows more easily.
- SQLITE_OMIT_DECLTYPE (feature column_decltype)
- LIBSQLITE3_FLAGS hook
  Enables compiling bundled sources with different flags.
- sqlite3_exec which supports unlock notify (#767)
- InvalidParameterCount message (#779)
- Map
- HAVE_LOCALTIME_R)
- preupdate_hook feature requires buildtime_bindgen
v0.23.1: rusqlite 0.23.1
Hotfix release for arm32 bustage (#724)
v0.23.0: rusqlite 0.23.0, libsqlite-sys 0.18.0
The release primarily contains a number of security/memory safety fixes, which were mostly found due to an audit of the unsafe code in the crate. An advisory will be published for these shortly.
They mostly impact APIs exposed through features, so while there are a lot of them, if you're using rusqlite under default features, you're fine. None of them impact libsqlite3-sys.
It's a major release as these APIs were fundamentally unsound and could not be fixed without breaking changes.
- unsafe trait as implementing them on the wrong type is unsound rusqlite/rusqlite@c9ef5bd. (Note that a safe VTab API is planned in the future).
- create_module take a &'static Module as that's what the reference was treated as. rusqlite/rusqlite@3c6b57f
- UnlockNotification hold the Mutex while notifying the CondVar. Also, ensure &mut is not used to reference a value shared across another thread. rusqlite/rusqlite@45fd77e
Non-safety changes in this release:
v0.22.0: rusqlite 0.22.0, libsqlite-sys 0.17.3
- Connection::busy_timeout (#604)
- modern_sqlite and bundled features. (#613)
- FromSql for Box<str>, Rc<str> and Arc<str>
- rusqlite, hopefully fixing it (#647)
- IndexConstraintOp entries (#623)
- alloc to generate C string allocated by sqlite3 (#644)
- rusqlite now exposes the bundled-windows feature, forwarding to libsqlite3-sys. (#682)
- rusqlite::Result<T> is now defined as type Result<T, E = rusqlite::Error>. This avoids needing to access std::result::Result explicitly when rusqlite::Result is brought into scope. (#678)
- Rows now support mapped and and_then functions which return Iterators. This is useful if you cannot use query_map or query_and_then for some reason. (#676)
- #[non_exhaustive] for better extensibility. (#673)
- Statement apis have been added to allow separating parameter binding and statement execution. (#668)
- bundled-full feature now exists to enable both bundled and other features which do not conflict. It is mainly intended to improve developer ergonomics for working on rusqlite (#687)
- vtab_v3 and unstable are removed. The former is no longer necessary and the latter was only used for #[bench]. (#687)
- rusqlite::Error now implements std::error::Error::source instead of only std::error::Error::cause. Use of cause will still work, as it goes through source by default. (#683)
v0.20.0
- sqlite3_column_text is valid UTF-8. (#548)
- Module impl Send (#543)
v0.18.0
- impl ToSql for Box<dyn ToSql> (#500)
- sqlcipher and bundled (#511)
- Statement::columns (#494)
v0.17.0
- Add params/named_params macro, and expose ToSql from top level #471
- Replace Row::get by Row::get_checked, and rename original Row::get to Row::get_unwrap.
- Stmt::query_map, Stmt::query_map_named, Stmt::query_row, Conn::query_row and Conn::query_row_named callback parameter must return a Result.
- Rows implement FallibleStreamingIterator #478
- Rows::next returns Result<Option<&Row<'_>>> instead of Option<Result<Row<...>>>.
- PartialEq for Error #416
- get_aux safe by storing the TypeId with the data.
- Connection::from_handle #453
- libsqlite3_sys as ffi export pub #469
- Debug for Transaction #470
v0.16.0
- OptionalExtension
- functions and i128 features
v0.15.0
- &[&ToSql] (#312)
- array feature should not require bundled #384
v0.14.0
- ToSql implementation for time::Timespec uses RFC 3339 (%Y-%m-%dT%H:%M:%S.%fZ). Previous format was %Y-%m-%d %H:%M:%S:%f %Z.
- Sendable and 'static.
- free_boxed_hook does not work for fn.
- sqlite3_update_hook (#260, #328), sqlite3_commit_hook and sqlite3_rollback_hook.
- unlock_notify feature (#294, #331).
- Statement::column_index case-insensitive (#330).
- &mut Connection in Transaction.
- tyvar_behind_raw_pointer warnings.
- Connection::open documentation (#332)
- sqlite3_get_autocommit and sqlite3_stmt_busy.
- sqlite3_busy_timeout and sqlite3_busy_handler.
- sqlite3_expanded_sql.
- rerun-if-env-changed in libsqlite3-sys (#329).
- InvalidQuery error when SQL is not read only.
v0.13.0
- and expect fractional seconds and timezone in the serialized string.
- sqlcipher feature allows linking against SQLCipher instead of SQLite.
v0.12.0
- ToSql impls for str and [u8].
v0.11.0
- FromSql and ToSql impls for isize. Documents why usize and u64 are not included.
v0.10.0
- ErrorCode enum from libsqlite3-sys.
- version() and version_number() functions for querying the version of SQLite in use.
- limits feature, exposing limit() and set_limit() methods on Connection.
- libsqlite3-sys 0.7.0, which runs rust-bindgen at build-time instead of assuming the presence of all expected SQLite constants and functions.
- some features will not compile unless a sufficiently-recent SQLite version is used. See the README for requirements of particular features.
- rusqlite will panic since it cannot ensure the threading mode for SQLite. This check can be skipped by calling the unsafe function rusqlite::bypass_sqlite_initialization(). This is technically a breaking change but is unlikely to affect anyone in practice, since prior to this version the check that rusqlite was using would cause a segfault if linked against a SQLite older than 3.7.0.
- SQLite version is at least as new as the SQLite version found at buildtime. This check can be skipped by calling the unsafe function rusqlite::bypass_sqlite_version_check().
- libc dependency in favor of using std::os::raw
v0.9.4
v0.9.3
- ToSqlOutput itself implement ToSql
.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.