Skip to content

Build(deps): Bump the cargo group across 1 directory with 2 updates#13839

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/cargo-3dbbdd6e02
Open

Build(deps): Bump the cargo group across 1 directory with 2 updates#13839
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/cargo-3dbbdd6e02

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the cargo group with 2 updates in the / directory: diesel and serde_with.

Updates diesel from 2.3.9 to 2.3.10

Changelog

Sourced from diesel's changelog.

[2.3.10] 2026-06-05

  • Fixed a wrong value of a internal MYSQL flag
  • Fixed several possible panics in the PostgreSQL deserialization code for malformed packages in the
  • Fixed an issue that caused unexpected results while calling custom aggregated SQL functions twice in the SQLite backend
  • Fixed a potential use after free bug in the SQLite backend while deserializing a database from a byte buffer
  • Fixed potential invalid schema generation if column or table names "inject" rust code
  • Fixed potential SQL injections during schema introspection via diesel print-schema
  • Fixed a regression that resulted in rejecting valid combinations of ORDER BY and GROUP BY clauses
Commits

Updates serde_with from 2.3.3 to 3.21.0

Release notes

Sourced from serde_with's releases.

serde_with v3.21.0

Security

  • GHSA-7gcf-g7xr-8hxj: KeyValueMap serialization panics on empty sequence or map entries Bad or attacker controlled values could cause a panic while allocating too large values. Fixed in #966 by setting a maximum allocation size during the creation of collections like Vec or sets.

    Thanks to @​7thParkk for reporting the issue.

Added

  • Add NoneAsZero adapter that maps Option<NonZero*> to a plain integer, encoding None as 0 by @​SAY-5 (#486)

Changed

  • Re-enable link-to-definition on docs.rs (#964)

Fixed

  • Fix some doc links to point to the correct types (#963)
  • Re-enable unused_qualifications and fix the resulting findings by @​lms0806 (#962)

serde_with v3.20.0

Added

  • Add support for base58 encoding, similar to the existing base64 setup by @​mitinarseny (#943)

Fixed

serde_with v3.19.0

Added

  • Add support for hashbrown v0.17 (#940)

    This extends the existing support for hashbrown to the newly released version.

serde_with v3.18.0

Added

  • Support OneOrMany with more sequence and set types (#929)

Changed

  • Bump MSRV to 1.88 due to the darling dependency

serde_with v3.17.0

Added

... (truncated)

Commits
  • 0f4ca67 Update changelog for 3.21.0 (#967)
  • 7654841 Update changelog for 3.21.0
  • c8a1d82 Protect all collection creations against capacity overflow by using `size_hin...
  • 6ad5fa5 Properly feature gate the vec_with_capacity_cautious function
  • ef7d141 Protect all collection creations against capacity overflow by using `size_hin...
  • a348da3 Add serde_as deserialize_as explain (#958)
  • 2e5bc20 Bump the github-actions group with 3 updates (#965)
  • 927a3d6 Bump the github-actions group with 3 updates
  • 62d14ec Enable link-to-definition on docs.rs again, after the upstream issue was reso...
  • 4584d94 Enable link-to-definition on docs.rs again, after the upstream issue was reso...
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor Author

Assignees

The following users could not be added as assignees: warpdotdev/tech-leads. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 16, 2026
@cla-bot cla-bot Bot added the cla-signed label Jul 16, 2026
@oz-for-oss

oz-for-oss Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

@oz-for-oss oz-for-oss Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overview

This PR updates Cargo dependencies and the lockfile for diesel 2.3.9 → 2.3.10 and the workspace serde_with dependency to 3.21.0. The diff is limited to Cargo.toml and Cargo.lock, with transitive lockfile adjustments and no application code changes.

Concerns

  • No blocking correctness, security, or spec-alignment concerns found in the annotated diff.

Verdict

Found: 0 critical, 0 important, 0 suggestions

Approve

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

@dependabot
dependabot Bot force-pushed the dependabot/cargo/cargo-3dbbdd6e02 branch from 94ba79b to ac7b0cb Compare July 16, 2026 20:16
Bumps the cargo group with 2 updates in the / directory: [diesel](https://github.com/diesel-rs/diesel) and [serde_with](https://github.com/jonasbb/serde_with).


Updates `diesel` from 2.3.9 to 2.3.10
- [Release notes](https://github.com/diesel-rs/diesel/releases)
- [Changelog](https://github.com/diesel-rs/diesel/blob/main/CHANGELOG.md)
- [Commits](diesel-rs/diesel@v2.3.9...v2.3.10)

Updates `serde_with` from 2.3.3 to 3.21.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](jonasbb/serde_with@v2.3.3...v3.21.0)

---
updated-dependencies:
- dependency-name: diesel
  dependency-version: 2.3.10
  dependency-type: direct:production
- dependency-name: serde_with
  dependency-version: 3.21.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/cargo/cargo-3dbbdd6e02 branch from ac7b0cb to 912bdff Compare July 16, 2026 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cla-signed dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants