sync: pull launchbadge/sqlx up to 6956cef0; port skip-migrations to MSSQL#14
Merged
Conversation
* fix(postgres): make advisory lock cancel safe * fix(postgres): prepare advisory lock acquire query first * document cancel safety
* Fix panic in JSONB decoder on invalid version byte Replace assert_eq! with proper error handling to prevent panic on untrusted database input. The Decode trait contract requires returning Result<T, Error>, but the assertion would cause a panic instead. This issue was discovered through fuzzing and can be triggered by: - Malformed JSONB data in the database - Database corruption - Future PostgreSQL versions with different JSONB formats The fix replaces the assertion with a conditional check that returns an appropriate error, maintaining the Decode trait contract and allowing applications to handle the error gracefully. Signed-off-by: Jared Reyes <jaredreyespt@gmail.com> * Fix formatting Signed-off-by: Jared Reyes <jaredreyespt@gmail.com> --------- Signed-off-by: Jared Reyes <jaredreyespt@gmail.com>
…extension example (transact-rs#4107) * Add SQLite extension entrypoint config to `sqlx.toml`, update SQLite extension example * Fix tests & formatting
…sact-rs#4203) Use sqlite3_value_text() instead of checking sqlite3_value_type() first, matching SQLite's documented text affinity coercion for the REGEXP operator. NULL values still return NULL. Closes transact-rs#4190
…ransact-rs#4202) sqlite3_errmsg() returns UTF-8 in practice but the spec does not guarantee it. Using from_utf8_unchecked is unsound if non-UTF-8 bytes are returned (e.g. from malformed schema element names). Closes transact-rs#4193
…s#4219) The safe Fn(&str, &str) -> Ordering signature exposed by SqliteConnectOptions::collation() and LockedSqliteHandle::create_collation() was backed by from_utf8_unchecked, so a database containing invalid UTF-8 text could reach the user callback and materialize &str values that violate Rust's UTF-8 invariant inside a safe API. SQLite explicitly documents that invalid UTF-8 may be passed into application-defined collating sequences, so the FFI shim must not assume well-formed bytes. Replace from_utf8_unchecked with String::from_utf8_lossy, which matches the sqlite3_create_collation_v2 SQLITE_UTF8 flag and keeps the safe signature sound without changing correct-UTF-8 behavior. Fixes transact-rs#4194 Co-authored-by: Joaquin Hui Gomez <joaquinhuigomez@users.noreply.github.com>
- Use SqliteOwnedBuf with serialize/deserialize to snapshot an in-memory database as raw bytes - Embed the bytes in a custom container format (magic header + db) - Round-trip: create → serialize → write → read → deserialize → query
* Fix SCRAM password SASLprep * remove panic!() * fmt * add error description
…ror when querying) (transact-rs#4086) * Re-read mysql column info during execute MariaDB may change the column info between PREPARE and EXECUTE if the schema changes (https://jira.mariadb.org/browse/MDEV-27013). Therefore, always read column info from the execute metadata and use it for the row column_names field. Fixes: transact-rs#2206, transact-rs#1530 * doc: caution that ColumnIndex may differ between Statement and Row
…4142) * feat(mysql): add mysql-rsa feature for non-TLS RSA auth * - Removed unused dependencies from sqlx-mysql (verified no code references). - Pinned time to =0.3.45 to respect MSRV 1.86 and updated examples to keep the same version explicit. * revert time pinning in Cargo.toml * trim Cargo.lock churn and document mysql-rsa for sqlx-cli --------- Co-authored-by: Austin Bonander <austin.bonander@gmail.com>
…name handling (transact-rs#4221) * fix: replace from_utf8_unchecked with from_utf8 in SQLite statement handle Replace all uses of `from_utf8_unchecked` with safe `from_utf8` in the SQLite statement handle to fix a soundness issue. SQLite allows non-UTF-8 column names via its C API, but `from_utf8_unchecked` assumes valid UTF-8 without checking. This can produce invalid `&str` values through a safe public API, which is undefined behavior in Rust. Using `from_utf8().expect()` instead converts potential UB into a defined panic with a clear message. There is no behavioral change for valid UTF-8 inputs, which covers all practical usage. Fixes transact-rs#4192 * style: run rustfmt on handle.rs
Replace reference to maintained version of dotenv
…ransact-rs#4227) The unstable proc_macro tracking APIs were restructured in rust-lang/rust#149400: - modules `tracked_env` and `tracked_path` were merged into a single module `tracked` - `proc_macro::tracked_env::var` -> `proc_macro::tracked::env_var` - `proc_macro::tracked_path::path` -> `proc_macro::tracked::path` - features `track_path` -> `proc_macro_tracked_path` (+ `proc_macro_tracked_env`) Building with --cfg=sqlx_macros_unstable on recent nightly fails because of the renames and because `extern crate proc_macro;` was only declared in `migrate.rs`, leaving `lib.rs` and `query/cache.rs` without the crate in scope. Move the gated `extern crate proc_macro;` to the crate root, drop the duplicate from migrate.rs, and update the API call sites and the clippy.toml reason field. Fixes transact-rs#4150
…sact-rs#4226) * WIP fix(postgres): use non-prepared statements for metadata queries * WIP fix(postgres): use non-prepared statements for metadata queries (2) * WIP fix(postgres): use non-prepared statements for metadata queries (3) * WIP fix(postgres): use non-prepared statements for metadata queries (5) * WIP fix(postgres): use non-prepared statements for metadata queries (6) * WIP fix(postgres): use non-prepared statements for metadata queries (7) * WIP fix(postgres): use non-prepared statements for metadata queries (8) * WIP fix(postgres): use non-prepared statements for metadata queries (9) * WIP fix(postgres): use non-prepared statements for metadata queries (10)
…4245) The client-side scramble mixed the SHA-256 inputs in the wrong order, so no spec-compliant MySQL server could validate it. Every connection fell through to perform_full_authentication and the plugin's cache was never exercised. Two changes: 1. scramble_sha256 now hashes as SHA256(SHA256(SHA256(pw)) || nonce) to match the server's generate_sha2_scramble. Adds a unit test that simulates the server's XOR verification. 2. handle(..) returned true on fast_auth_success (0x01 0x03) without consuming the trailing OK_Packet, which then corrupted the next read. This was latent because 0x03 was never reached. It now yields back to the handshake loop so the OK is consumed by the existing 0x00 branch. fixes transact-rs#4244
…ransact-rs#4223) Covers the scenario from transact-rs#4147 where ORDER BY + LIMIT routes data through an ephemeral sorter table. Verifies NOT NULL columns keep their constraint, and nullable columns stay nullable. This already passes on main (the 0.9 explain rewrite fixed it), but there was no test guarding against regression.
* Refactor error handling * Add password test cases * Unescape password
* ci: check direct minimal versions Switch minimal-versions CI check to direct-minimal-versions Avoids failures caused by incorrect lower bounds in transitive dependencies (e.g. native-tls 0.2.12 declaring openssl ^0.10.29 but requiring >= 0.10.46 for Pkcs12::parse2). direct-minimal- versions only resolves our own declared lower bounds to their minimums. * fix: bump direct dependency minimum versions To eliminate another dep to manage, brought in transact-rs#4171 All workspace Cargo.toml files bumped direct dependency minimum versions to be compatible with transitive requirements under direct-minimal-versions: - memchr 2.4.1 → 2.5.0 (winnow needs ^2.5) - futures-* → 0.3.31 (futures-util needs futures-core ^0.3.31) - serde → 1.0.218, serde_json → 1.0.85 - proc-macro2 → 1.0.83, syn → 2.0.87, quote → 1.0.35 - tokio → 1.20.1, time → 0.3.37, uuid → 1.12.1 - smallvec → 1.10.0, bitflags → 2.4, percent-encoding → 2.3.0 - rand → 0.8.5, dotenvy → 0.15.7, plus many others Aligned all examples to the same minimums, then regenerated Cargo.lock with normal resolver. * fix: bump more direct minimums for direct-minimal-versions CI CI was failing on `cargo +nightly generate-lockfile -Z direct-minimal-versions` because several declared minimums were too low to satisfy transitive requirements introduced by upstream's recent updates (axum 0.8, cargo_metadata 0.23, validator 0.20, etc.). - anyhow 1.0 → 1.0.58 (sqlite/serialize example) - bytes 1.1.0 → 1.2.0 (axum-core 0.5 needs ^1.2) - clap 4.3.10 → 4.4.7 (sqlx-cli uses Command::styles / clap::builder::Styles) - filetime 0.2 → 0.2.25 (sqlx-cli uses FileTime::now()) - itoa 1.0.1 → 1.0.5 (axum 0.8 needs ^1.0.5) - serde 1.0.218 → 1.0.219 (cargo_metadata 0.23.1 needs ^1.0.219) - serde_json 1.0.85 → 1.0.142 (cargo_metadata 0.23.1 needs ^1.0.142) - smallvec 1.10.0 → 1.13.1 (idna 1.0 via validator 0.20 needs ^1.13.1) - tokio 1.20.1 → 1.25.0 (axum 0.8 needs ^1.25.0) - tower 0.5 → 0.5.2 (axum 0.8 needs ^0.5.2)
* feat(migration): ensure deterministic migration order by sorting ups before downs * cargo fmt * feat(migration): implement ordering for Migration and MigrationType for deterministic sorting * refactor(migration): remove unused direction_order method from MigrationType
Co-authored-by: Markus Gasser <markus.gasser@frauscher.com>
Using undefined `user_email` and `user_name` left me confused, because: 1. I was not aware of their types 2. I didn't know where they did come from Passing real values seem to be more correct and more readable :)
Sync 33 upstream commits (3ec1422..6956cef) from launchbadge/sqlx into the MSSQL fork. Conflicts resolved: - Cargo.toml: keep `sqlx-mssql` workspace entries; apply upstream's `default-features = false` on `sqlx-mysql` (for the new mysql-rsa optional feature). - sqlx-macros-core/Cargo.toml: same pattern. - Cargo.lock: accept upstream; pinned `home` to 0.5.11 to keep the workspace MSRV (1.86) viable. Notable upstream commits that may affect MSSQL parity work: - 45ba990 — feature: skip migrations (transact-rs#3846) — needs port to sqlx-mssql/src/migrate.rs (follow-up commit). - 66533fa — feature: deterministic migration order (transact-rs#4136) — sqlx-core only; MSSQL inherits via trait. - c0a3218 — breaking(any+mysql): correct text/blob -> AnyTypeInfo coercion (transact-rs#4255) — sqlx-mysql only; audit MSSQL's any.rs separately. Pre-existing bug surfaced in `cargo check --workspace`: sqlx-mssql's `types/time.rs` and `types/bigdecimal.rs` reference `MssqlData` variants that don't exist when those features are enabled. Same failure on pre-merge `main` — to be fixed in a follow-up, not introduced by this sync.
Mirrors the upstream skip-migrations addition from launchbadge/sqlx PR transact-rs#3846 (commit 45ba990). The new `skip` method records a migration in the `_sqlx_migrations` table without executing its SQL body, marking it as successfully applied. This is used by `sqlx migrate override skip` in the CLI and is routed through the Any driver. The TSQL INSERT mirrors `execute_migration`'s parameter binding (`@p1, @p2, @p3`) and uses `1` for the `success` BIT column (MSSQL doesn't have a TRUE literal). The `escape_table_name` helper provides the same identifier-injection protection used by existing MSSQL migration writes. Author: Pablo Carrera <pabloce@poscye.com>
Mirrors tests/mysql/migrate.rs::skip from upstream PR transact-rs#3846. Manually runs the first reversible migration's up.sql, calls `migrator.skip` to record version 20220721124650 in `_sqlx_migrations` without re-executing its body, then verifies the remaining migration runs and rolls back as expected. Requires a live MSSQL instance (e.g. `docker compose -f tests/docker-compose.yml up mssql_2022 -d`) with `DATABASE_URL=mssql://sa:YourStrong!Passw0rd@localhost:1433/master`. Author: Pablo Carrera <pabloce@poscye.com>
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
launchbadge/sqlx(3ec1422e..6956cef0) into the MSSQL fork.Migrate::skipmethod (upstream PR Add the possibility to skip migrations transact-rs/sqlx#3846) intosqlx-mssql/src/migrate.rsso thesqlx migrate override skipCLI subcommand works against SQL Server.Upstream commits relevant to MSSQL
45ba990Migrate::skiptosqlx-core, implemented by mysql/postgres/sqlitesqlx-mssql/src/migrate.rs(this PR)66533fasqlx-coreonlyc0a3218AnyTypeInfocoercion (transact-rs#4255)Anyconversion insqlx-mssql/src/any.rsuses SQL type-name strings (not collation-aware enum matching), so the MySQL bug has no analogued3a8244The other 29 commits are driver-specific (Postgres/MySQL/SQLite) or pure docs/infra/CI.
Conflict resolutions during merge
Cargo.toml+sqlx-macros-core/Cargo.toml: kept thesqlx-mssqlworkspace entries and applied upstream'sdefault-features = falseonsqlx-mysql(for the newmysql-rsaoptional feature in PR feat(mysql): add mysql-rsa feature for non-TLS RSA auth transact-rs/sqlx#4142).Cargo.lock: accepted upstream's lockfile, then pinnedhometo0.5.11so the workspace stays compatible with the pinned MSRV (1.86).home 0.5.12requires rustc1.88.Test plan
cargo check -p sqlx-corecargo check -p sqlx-mssql(default +migrate,anyfeatures)cargo check -p sqlx-clicargo test -p sqlx-core— 30/30 passing, 0 failures (covers66533faordering)cargo test -p sqlx-mssql --features migrate,any --no-run— compilesMigrate::skip(requires Dockerized SQL Server; deferred to CI)Known pre-existing issue (NOT introduced here)
cargo check --workspacewith feature unification triggers compile errors insqlx-mssql/src/types/time.rsandsqlx-mssql/src/types/bigdecimal.rsbecause they referenceMssqlData::TimeDate / TimePrimitiveDateTime / TimeOffsetDateTime / TimeTime / BigDecimalvariants that don't exist on theMssqlDataenum. Confirmed the same errors occur on pre-mergemain. To be fixed in a separate follow-up.