Skip to content

chore: bump up deps (sqlx 0.9)#9

Closed
0xgleb wants to merge 1 commit into
masterfrom
chore/bump-up-deps
Closed

chore: bump up deps (sqlx 0.9)#9
0xgleb wants to merge 1 commit into
masterfrom
chore/bump-up-deps

Conversation

@0xgleb

@0xgleb 0xgleb commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Motivation

Keep the crate current with upstream and let consumers (liquidity, issuance)
converge on a single sqlx version once they depend on event-sorcery. Closes
RAI-864.

Solution

Bumps workspace dependencies; sqlx 0.8.6 -> 0.9.0 is the only breaking bump,
the rest move within semver via cargo update (chrono 0.4.45, serde_json
1.0.150, and transitive deps).

  • sqlx 0.9 splits runtime-tokio-rustls into runtime-tokio + tls-rustls, so
    the feature set is updated in every manifest.
  • 0.9 gates dynamic query strings behind SqlSafeStr. SqlQueryFactory and
    projection queries are built at runtime, so each sqlx::query* over a
    non-'static string is wrapped in AssertSqlSafe (audited — every input is an
    internal table/column name, never user data).
  • The standalone example crates pin sqlx directly, so they are bumped to 0.9 too
    to stay compatible with the event-sorcery path dependency.
  • Verified with cargo nextest run --workspace, cargo clippy --workspace --all-targets --all-features, cargo fmt --check, and the per-example checks.

@coderabbitai

coderabbitai Bot commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review limit reached

@0xgleb, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 23 minutes and 43 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6cb0f30d-6397-4a3b-b267-75a528e89aee

📥 Commits

Reviewing files that changed from the base of the PR and between 1557172 and c151c42.

⛔ Files ignored due to path filters (3)
  • Cargo.lock is excluded by !**/*.lock
  • examples/complex/Cargo.lock is excluded by !**/*.lock
  • examples/simple/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (8)
  • Cargo.toml
  • crates/event-sorcery/src/lib.rs
  • crates/event-sorcery/src/projection.rs
  • crates/sqlite-es/Cargo.toml
  • crates/sqlite-es/src/event_repository.rs
  • crates/sqlite-es/src/view_repository.rs
  • examples/complex/Cargo.toml
  • examples/simple/Cargo.toml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/bump-up-deps

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@0xgleb Graphite App

0xgleb commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator Author

How to use the Graphite Merge Queue

Add the label add-to-gt-merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has required the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@0xgleb 0xgleb self-assigned this Jun 5, 2026
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch 2 times, most recently from c8a9246 to f418054 Compare June 5, 2026 00:44
@0xgleb 0xgleb marked this pull request as ready for review June 5, 2026 00:44
@0xgleb 0xgleb mentioned this pull request Jun 5, 2026
Open
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch 3 times, most recently from 0dd1f45 to 7eb93f1 Compare June 5, 2026 00:47
@0xgleb 0xgleb added the chore label Jun 5, 2026 — with Graphite App
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch 3 times, most recently from b2718e8 to 6bb147e Compare June 5, 2026 01:00
@0xgleb 0xgleb mentioned this pull request Jun 5, 2026
Closed
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch from 6bb147e to 1bca65b Compare June 5, 2026 01:31
@0xgleb 0xgleb changed the title chore: bump up deps chore: bump up deps (sqlx 0.9) Jun 5, 2026
@linear-code

linear-code Bot commented Jun 5, 2026

Copy link
Copy Markdown

RAI-864

@0xgleb 0xgleb requested review from JuaniRios and findolor June 5, 2026 01:38
This was referenced Jun 5, 2026
Open
Open
Open
Open
Open
Open
@0xgleb 0xgleb requested review from JuaniRios and findolor June 8, 2026 22:43
@0xgleb 0xgleb changed the base branch from master to graphite-base/9 June 9, 2026 20:39
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch 2 times, most recently from 5edb8fc to 1bca65b Compare June 9, 2026 20:39
@0xgleb 0xgleb force-pushed the graphite-base/9 branch from 1e2151d to 1557172 Compare June 9, 2026 20:39
@0xgleb 0xgleb changed the base branch from graphite-base/9 to chore/pr-template June 9, 2026 20:39
@graphite-app graphite-app Bot changed the base branch from chore/pr-template to master June 9, 2026 20:40
@graphite-app

graphite-app Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown

Merge activity

  • Jun 9, 8:40 PM UTC: Graphite rebased this pull request, because this pull request is set to merge when ready.
  • Jun 10, 5:25 PM UTC: 0xgleb added this pull request to the Graphite merge queue.
  • Jun 10, 5:26 PM UTC: CI is running for this pull request on a draft pull request (#21) due to your merge queue CI optimization settings.
  • Jun 10, 5:30 PM UTC: Merged by the Graphite merge queue via draft PR: #21.

@0xgleb 0xgleb mentioned this pull request Jun 9, 2026
Closed
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch from 1bca65b to bfb4203 Compare June 9, 2026 21:22
@0xgleb 0xgleb requested review from JuaniRios and findolor June 9, 2026 22:20
@0xgleb 0xgleb force-pushed the chore/bump-up-deps branch from bfb4203 to c151c42 Compare June 9, 2026 22:56
This was referenced Jun 9, 2026
Closed
Open
Open
findolor
findolor approved these changes Jun 10, 2026
View reviewed changes

@findolor findolor left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved.

@graphite-app graphite-app Bot closed this Jun 10, 2026
@graphite-app graphite-app Bot deleted the chore/bump-up-deps branch June 10, 2026 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@findolor findolor findolor approved these changes

@JuaniRios JuaniRios JuaniRios approved these changes

Assignees

@0xgleb 0xgleb

Labels

chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@0xgleb @findolor @JuaniRios