Upgrade to arium with sqlx 0.9
Upgrade to arium with sqlx 0.9
#28 in Riparion/riparion-cms — merged 2026-06-01
What
arium's main now ships on sqlx 0.9 (pulled in by its axum_session 0.16→0.20 bump). This upgrades riparion-cms to match:
Cargo.toml:sqlx0.8.6 → 0.9Cargo.lock: re-resolved —arium-dioxusre-pinned to the new ariummain, axum_session 0.20 / sqlx 0.9 throughout- db layer: wrapped every runtime-built SQL string in
sqlx::AssertSqlSafe(31 sites across 9 files)
Why AssertSqlSafe is safe here
sqlx 0.9 adds a SqlSafeStr bound to query/query_as/query_scalar that only accepts &'static str, forcing an explicit opt-out for runtime-built strings. Each site was audited individually: the only interpolated parts are compile-time constants (POST_CARD_COLUMNS, NOW, RANDOM_HEX_16, …), $N placeholder fragments (dialect::now_offset, generated $1,$2,… lists), and a whitelisted ORDER BY match. All user-supplied values go through .bind(...). No query was restructured.
Verification (local)
| Target | Result |
|---|---|
server,sqlite |
compiles, clippy --all-targets -D warnings, 26 tests pass |
server,postgres |
compiles |
web (wasm32) |
compiles |
cargo fmt --check |
clean |
🤖 Generated with Claude Code
Last updated 2026-06-02
Links to this note
Credits
Merged pull requests, newest first.