Skip to content

[pull] master from hasura:master#7

Open
pull[bot] wants to merge 1644 commits into
13banda:masterfrom
hasura:master
Open

[pull] master from hasura:master#7
pull[bot] wants to merge 1644 commits into
13banda:masterfrom
hasura:master

Conversation

@pull

@pull pull Bot commented Jun 4, 2024

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

jberryman and others added 28 commits September 10, 2025 15:54
PR-URL: hasura/graphql-engine-mono#11332
GitOrigin-RevId: 64269ae1527b66e4435e2b7dab7cdad26f6c662a
GITHUB_PR_NUMBER: 10730
GITHUB_PR_URL: #10730

PR-URL: hasura/graphql-engine-mono#11260
Co-authored-by: Emmanuel Ferdman <35470921+emmanuel-ferdman@users.noreply.github.com>
GitOrigin-RevId: 5a0d43817602ba3155b20bbef497f16436411dd3
PR-URL: hasura/graphql-engine-mono#11334
GitOrigin-RevId: 13dc216c7106941766d3f3f01c89a9b6663fbd3e
<!-- The PR description should answer 2 important questions: -->

### What

#### SQL Views Support

Added support for SQL views in metadata, allowing users to define
reusable SQL queries as views that can be queried through the `/v1/sql`
endpoint.

#### Metadata Format

Views are defined using the `View` metadata object:

```json
{
  "kind": "View",
  "version": "v1",
  "definition": {
    "name": "customer_summary",
    "sqlExpression": "SELECT customer_id, COUNT(*) as order_count FROM orders GROUP BY customer_id",
    "description": "Summary of customer orders"
  }
}
```

#### Usage

Views can be queried via the SQL endpoint like regular models.

<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->

<!-- Consider: do we need to add a changelog entry? -->

<!-- Does this PR introduce new validation that might break old builds?
-->

<!-- Consider: do we need to put new checks behind a flag? -->

### How

<!-- How is it trying to accomplish it (what are the implementation
steps)? -->

---------

Co-authored-by: Daniel Harvey <danieljamesharvey@gmail.com>
V3_GIT_ORIGIN_REV_ID: c7239d8245c91a5856d0791bc1c883cd74548543
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.219 to
1.0.223.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.223</h2>
<ul>
<li>Fix serde_core documentation links (<a
href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>)</li>
</ul>
<h2>v1.0.222</h2>
<ul>
<li>Make <code>serialize_with</code> attribute produce code that works
if respanned to 2024 edition (<a
href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>,
thanks <a href="https://github.com/aytey"><code>@​aytey</code></a>)</li>
</ul>
<h2>v1.0.221</h2>
<ul>
<li>Documentation improvements (<a
href="https://redirect.github.com/serde-rs/serde/issues/2973">#2973</a>)</li>
<li>Deprecate <code>serde_if_integer128!</code> macro (<a
href="https://redirect.github.com/serde-rs/serde/issues/2975">#2975</a>)</li>
</ul>
<h2>v1.0.220</h2>
<ul>
<li>Add a way for data formats to depend on serde traits without waiting
for serde_derive compilation: <a
href="https://docs.rs/serde_core">https://docs.rs/serde_core</a> (<a
href="https://redirect.github.com/serde-rs/serde/issues/2608">#2608</a>,
thanks <a
href="https://github.com/osiewicz"><code>@​osiewicz</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/serde/commit/6c316d7cb5f3780d2a418d277a756516beeacc42"><code>6c316d7</code></a>
Release 1.0.223</li>
<li><a
href="https://github.com/serde-rs/serde/commit/a4ac0c2bc6625ee83ddf4b35f11eca48f90ebae2"><code>a4ac0c2</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>
from dtolnay/htmlrooturl</li>
<li><a
href="https://github.com/serde-rs/serde/commit/ed76364f877a6ebc653a0339dcea89b9e3cc7507"><code>ed76364</code></a>
Change serde_core's html_root_url to docs.rs/serde_core</li>
<li><a
href="https://github.com/serde-rs/serde/commit/57e21a1afa280ae982f19aea2776318fbcd711be"><code>57e21a1</code></a>
Release 1.0.222</li>
<li><a
href="https://github.com/serde-rs/serde/commit/bb58726133fb30b89ccea3e357eb91f4b2d460a0"><code>bb58726</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>
from aytey/fix_lifetime_issue_2024</li>
<li><a
href="https://github.com/serde-rs/serde/commit/3f6925125bae7837d918da63f2dba6efabad8dec"><code>3f69251</code></a>
Delete unneeded field of MapDeserializer</li>
<li><a
href="https://github.com/serde-rs/serde/commit/fd4decf2fe36a8e4408aefc493960141b8b0cd02"><code>fd4decf</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2976">#2976</a>
from dtolnay/content</li>
<li><a
href="https://github.com/serde-rs/serde/commit/00b1b6b2b5e6154eba81e2ad8c6a43b945583ad0"><code>00b1b6b</code></a>
Move Content's Deserialize impl from serde_core to serde</li>
<li><a
href="https://github.com/serde-rs/serde/commit/cf141aa8c79a40fe7b7c5ac5dbfd28802f2e01f4"><code>cf141aa</code></a>
Move Content's Clone impl from serde_core to serde</li>
<li><a
href="https://github.com/serde-rs/serde/commit/ff3aee490abff5267cac86f07e0301aa6d441760"><code>ff3aee4</code></a>
Release 1.0.221</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.219...v1.0.223">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde&package-manager=cargo&previous-version=1.0.219&new-version=1.0.223)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 4875a437008422b4fbbe736af4adf41d36274717
Bumps [serde_path_to_error](https://github.com/dtolnay/path-to-error)
from 0.1.17 to 0.1.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/path-to-error/releases">serde_path_to_error's
releases</a>.</em></p>
<blockquote>
<h2>0.1.19</h2>
<ul>
<li>Raise serde version requirement to &gt;=1.0.220</li>
</ul>
<h2>0.1.18</h2>
<ul>
<li>Switch serde dependency to serde_core (<a
href="https://redirect.github.com/dtolnay/path-to-error/issues/35">#35</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/6b45d3d50dd3a833f54c52fe88063fe2a75d82c5"><code>6b45d3d</code></a>
Release 0.1.19</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/4d296f58948db708455a6b0e35d79db26607fe56"><code>4d296f5</code></a>
Add serde version constraint</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/9e9c2982a9101ba25818a47aaf935e5f757f176e"><code>9e9c298</code></a>
Release 0.1.18</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/caf49d38927dd0a96733f8351894629274a0b94e"><code>caf49d3</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/path-to-error/issues/35">#35</a>
from dtolnay/serdecore</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/adf449fd7e798a225b028beb27a0f51276ffc05c"><code>adf449f</code></a>
Switch serde dependency to serde_core</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/9cf730fa854d83762541b826ec7468a37458b62f"><code>9cf730f</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/path-to-error/issues/36">#36</a>
from dtolnay/up</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/07b007cd8a37b6caed599bc268e7b92c0370b3c8"><code>07b007c</code></a>
Ignore uninlined_format_args pedantic clippy lint</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/04edeea3af71aeb276a12bd8b5861898c676d11c"><code>04edeea</code></a>
Raise required compiler to Rust 1.61</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/356f187cb65730b723c8a91ddd14066d83afbc95"><code>356f187</code></a>
Update actions/checkout@v4 -&gt; v5</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/bbbaa2d1a2b94902803a238c8601955ce2778c07"><code>bbbaa2d</code></a>
Revert &quot;Pin nightly toolchain used for miri job&quot;</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/path-to-error/compare/0.1.17...0.1.19">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_path_to_error&package-manager=cargo&previous-version=0.1.17&new-version=0.1.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: a3e988f96271eb083ef5d2b9e55591d7614d9504
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.0 to
2.11.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.11.1 (2025-09-08)</h2>
<ul>
<li>Added a <code>get_key_value_mut</code> method to
<code>IndexMap</code>.</li>
<li>Removed the unnecessary <code>Ord</code> bound on
<code>insert_sorted_by</code> methods.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/f33f4d9d64b87be51dc3a957b755ffe7790dc8e5"><code>f33f4d9</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/413">#413</a>
from cuviper/release-2.11.1</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/4c680a7dfa4c25ad21979ace9a2709337321caf7"><code>4c680a7</code></a>
Release 2.11.1</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/b7005225c1a291c08f544435709ee3d0f379744b"><code>b700522</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/411">#411</a>
from ya7010/add_get_key_value_mut</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/01f3ef0d4723ef297d6b27aa891b23c6a11f751b"><code>01f3ef0</code></a>
Make <code>IndexMap::get_*</code> docs more consistent</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/cd4c1a53015aaf5e77241bddd70c523711fae090"><code>cd4c1a5</code></a>
feat: add IndexMap::get_key_value_mut</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/48a98b70f932037c0e3387fc83f811a138e1eb70"><code>48a98b7</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/412">#412</a>
from andymandias/relax-trait-bounds</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/2be44878bee3941d7df896ff49cb7c176f06da8e"><code>2be4487</code></a>
Remove Ord trait bound on insert_sorted_by functions.</li>
<li>See full diff in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.11.0...2.11.1">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=indexmap&package-manager=cargo&previous-version=2.11.0&new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: cbaf66dc2eb82f3df5871d3fb9b0f7d79fb0bb28
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.26 to 1.0.27.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>1.0.27</h2>
<ul>
<li>Switch serde dependency to serde_core (<a
href="https://redirect.github.com/dtolnay/semver/issues/333">#333</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/semver/commit/6ed8561154715b2c34df417a2052597d586f2c43"><code>6ed8561</code></a>
Release 1.0.27</li>
<li><a
href="https://github.com/dtolnay/semver/commit/6967bba0e2f09b9ead04e4c9e6bc3991fd9fe078"><code>6967bba</code></a>
Add serde version constraint</li>
<li><a
href="https://github.com/dtolnay/semver/commit/84d30574ff1460c741539ef934339219d972afe0"><code>84d3057</code></a>
Exclude build.rs from crates.io package</li>
<li><a
href="https://github.com/dtolnay/semver/commit/b09aac935dcc468f76f1b80a1c5ff9645ddb51d1"><code>b09aac9</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/343">#343</a>
from dtolnay/up</li>
<li><a
href="https://github.com/dtolnay/semver/commit/49b8570e3495a415edbeda1b627ef028935c0386"><code>49b8570</code></a>
Delete backport module</li>
<li><a
href="https://github.com/dtolnay/semver/commit/9b04afee2f5df8912d518346365ce564827ff33b"><code>9b04afe</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/342">#342</a>
from dtolnay/up</li>
<li><a
href="https://github.com/dtolnay/semver/commit/83a8e91dba4917e3a0b4aaff1b4e3c4f052da1c0"><code>83a8e91</code></a>
Delete no_nonzero_bitscan configuration</li>
<li><a
href="https://github.com/dtolnay/semver/commit/e606a17855ae10f8a788c4057acaf650a8e69d49"><code>e606a17</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/341">#341</a>
from dtolnay/up</li>
<li><a
href="https://github.com/dtolnay/semver/commit/ebe7cf18971686bedfab3e617b9dcb2eacbcdc01"><code>ebe7cf1</code></a>
Delete no_unsafe_op_in_unsafe_fn_lint configuration</li>
<li><a
href="https://github.com/dtolnay/semver/commit/a381bff0447df3cdf8ba3b152abe4234001bfd4b"><code>a381bff</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/340">#340</a>
from dtolnay/up</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/semver/compare/1.0.26...1.0.27">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semver&package-manager=cargo&previous-version=1.0.26&new-version=1.0.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 4c6e24da9743a1938eecf99620a75b10c49bf1eb
PR-URL: hasura/graphql-engine-mono#11335
GitOrigin-RevId: d76fb6d966b85e2f4889801bc310fa1ff7d04170
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to
0.4.42.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chronotope/chrono/releases">chrono's
releases</a>.</em></p>
<blockquote>
<h2>0.4.42</h2>
<h2>What's Changed</h2>
<ul>
<li>Add fuzzer for DateTime::parse_from_str by <a
href="https://github.com/tyler92"><code>@​tyler92</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1700">chronotope/chrono#1700</a></li>
<li>Fix wrong amount of micro/milliseconds by <a
href="https://github.com/nmlt"><code>@​nmlt</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1703">chronotope/chrono#1703</a></li>
<li>Add warning about MappedLocalTime and wasm by <a
href="https://github.com/lutzky"><code>@​lutzky</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1702">chronotope/chrono#1702</a></li>
<li>Fix incorrect parsing of fixed-length second fractions by <a
href="https://github.com/chris-leach"><code>@​chris-leach</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1705">chronotope/chrono#1705</a></li>
<li>Fix cfgs for <code>wasm32-linux</code> support by <a
href="https://github.com/arjunr2"><code>@​arjunr2</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1707">chronotope/chrono#1707</a></li>
<li>Fix OpenHarmony's <code>tzdata</code> parsing by <a
href="https://github.com/ldm0"><code>@​ldm0</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1679">chronotope/chrono#1679</a></li>
<li>Convert NaiveDate to/from days since unix epoch by <a
href="https://github.com/findepi"><code>@​findepi</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1715">chronotope/chrono#1715</a></li>
<li>Add <code>?Sized</code> bound to related methods of
<code>DelayedFormat::write_to</code> by <a
href="https://github.com/Huliiiiii"><code>@​Huliiiiii</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1721">chronotope/chrono#1721</a></li>
<li>Add <code>from_timestamp_secs</code> method to <code>DateTime</code>
by <a href="https://github.com/jasonaowen"><code>@​jasonaowen</code></a>
in <a
href="https://redirect.github.com/chronotope/chrono/pull/1719">chronotope/chrono#1719</a></li>
<li>Migrate to core::error::Error by <a
href="https://github.com/benbrittain"><code>@​benbrittain</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1704">chronotope/chrono#1704</a></li>
<li>Upgrade to windows-bindgen 0.63 by <a
href="https://github.com/djc"><code>@​djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1730">chronotope/chrono#1730</a></li>
<li>strftime: simplify error handling by <a
href="https://github.com/djc"><code>@​djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1731">chronotope/chrono#1731</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/chronotope/chrono/commit/f3fd15f976c8c8e56d97eda6237af4d485ba2297"><code>f3fd15f</code></a>
Bump version to 0.4.42</li>
<li><a
href="https://github.com/chronotope/chrono/commit/5cf56035007f291b1b8f457fa3bfc79fb367419a"><code>5cf5603</code></a>
strftime: add regression test case</li>
<li><a
href="https://github.com/chronotope/chrono/commit/a6231701ee934cbbeb595fe71328fcbbf1b584d5"><code>a623170</code></a>
strftime: simplify error handling</li>
<li><a
href="https://github.com/chronotope/chrono/commit/36fbfb1221da05b1482eb9dd18254e6bd736cb31"><code>36fbfb1</code></a>
strftime: move specifier handling out of match to reduce rightward
drift</li>
<li><a
href="https://github.com/chronotope/chrono/commit/7f413c363b74e293d495dc6109335c02dda9d629"><code>7f413c3</code></a>
strftime: yield None early</li>
<li><a
href="https://github.com/chronotope/chrono/commit/9d5dfe164098186bfff8af7d5eecbb05d7712d4d"><code>9d5dfe1</code></a>
strftime: outline constants</li>
<li><a
href="https://github.com/chronotope/chrono/commit/e5f6be7db4a0c2756cad0a7c8186a5a180873f7a"><code>e5f6be7</code></a>
strftime: move error() method below caller</li>
<li><a
href="https://github.com/chronotope/chrono/commit/d516c2764d74e467fa37e25e8e88d5633478bafa"><code>d516c27</code></a>
strftime: merge impl blocks</li>
<li><a
href="https://github.com/chronotope/chrono/commit/0ee2172fb92df4e0be4cf7a733c860226eec37a0"><code>0ee2172</code></a>
strftime: re-order items to keep impls together</li>
<li><a
href="https://github.com/chronotope/chrono/commit/757a8b0226e9c0a23b5334c7dc0986f1e487b8ac"><code>757a8b0</code></a>
Upgrade to windows-bindgen 0.63</li>
<li>Additional commits viewable in <a
href="https://github.com/chronotope/chrono/compare/v0.4.41...v0.4.42">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chrono&package-manager=cargo&previous-version=0.4.41&new-version=0.4.42)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 27d513a4eb68601ec7c9beeedcf6587f2bb5864b
…ip (#2192)

The LHS headers were getting lost, keep them.

V3_GIT_ORIGIN_REV_ID: 1dea4b42fb66a39700cab2559d171e7bc11cba8b
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.1 to
2.11.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.11.4 (2025-09-18)</h2>
<ul>
<li>Updated the <code>hashbrown</code> dependency to a range allowing
0.15 or 0.16.</li>
</ul>
<h2>2.11.3 (2025-09-15)</h2>
<ul>
<li>Make the minimum <code>serde</code> version only apply when
&quot;serde&quot; is enabled.</li>
</ul>
<h2>2.11.2 (2025-09-15)</h2>
<ul>
<li>Switched the &quot;serde&quot; feature to depend on
<code>serde_core</code>, improving build
parallelism in cases where other dependents have enabled
&quot;serde/derive&quot;.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/03f9e58626ad7ef811b1522097bced2400c18b1a"><code>03f9e58</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/418">#418</a>
from a1phyr/hashbrown_0.16</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/ee6080d480eea3b738757c6bff1bb21b440f3849"><code>ee6080d</code></a>
Release 2.11.4</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/a7da8f181e81f8a37bc46936bf2d1d6db14edddc"><code>a7da8f1</code></a>
Use a range for hashbrown</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/0cd5aefb4434fb495cb87ba5de50870d331558fc"><code>0cd5aef</code></a>
Update <code>hashbrown</code> to 0.16</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/fd5c819daf8c3c62919ec0bbc777a571ee20ae5a"><code>fd5c819</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/417">#417</a>
from cuviper/release-2.11.3</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/9321145e1f517f31969c0d9ab5a5171cc23c3daf"><code>9321145</code></a>
Release 2.11.3</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/7b485688c299ed840d900b5a33aed33a1924a7c9"><code>7b48568</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/416">#416</a>
from cuviper/release-2.11.2</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/49ce7fa4716e24cf9380653a40d88b5186f2f555"><code>49ce7fa</code></a>
Release 2.11.2</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/58fd834804415879eb9be862291eba03e945e32a"><code>58fd834</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/414">#414</a>
from DaniPopes/serde_core</li>
<li><a
href="https://github.com/indexmap-rs/indexmap/commit/5dc1d6ab3105739ae61039f422e5246f0eee4f64"><code>5dc1d6a</code></a>
Depend on <code>serde_core</code> instead of <code>serde</code></li>
<li>Additional commits viewable in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.11.1...2.11.4">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=indexmap&package-manager=cargo&previous-version=2.11.1&new-version=2.11.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 3d7804ee9f4f9b982639a51902927abd716999a4
Bumps [serde_path_to_error](https://github.com/dtolnay/path-to-error)
from 0.1.19 to 0.1.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/path-to-error/releases">serde_path_to_error's
releases</a>.</em></p>
<blockquote>
<h2>0.1.20</h2>
<ul>
<li>Support no-std (<a
href="https://redirect.github.com/dtolnay/path-to-error/issues/37">#37</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/097ed8772815ab6a676ebf3998b6de4770af090d"><code>097ed87</code></a>
Release 0.1.20</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/b01872e214f232c16323369dbc6cc00c4faed57e"><code>b01872e</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/path-to-error/issues/37">#37</a>
from dtolnay/nostd</li>
<li><a
href="https://github.com/dtolnay/path-to-error/commit/7d44c3f79e70275ae7e77aec67bc6b37acc24b9f"><code>7d44c3f</code></a>
Support no-std</li>
<li>See full diff in <a
href="https://github.com/dtolnay/path-to-error/compare/0.1.19...0.1.20">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_path_to_error&package-manager=cargo&previous-version=0.1.19&new-version=0.1.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: e6b7c71984601c152a8f8abfcd30a492b71aa7a3
Bumps [lexical-core](https://github.com/Alexhuszagh/rust-lexical) from
1.0.5 to 1.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Alexhuszagh/rust-lexical/blob/main/CHANGELOG">lexical-core's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>Notes significant changes to <code>lexical</code> and
<code>lexical-core</code>. The version specified is for
<code>lexical-core</code>.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>,
and this project adheres to <a
href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2>[Unreleased]</h2>
<h3>Added</h3>
<ul>
<li>Additional trait impls for <code>f16</code> and <code>bf16</code> to
better match Rust's interface (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/192">#192</a>).</li>
<li>Added <code>Options::buffer_size_const</code> for integer and float
writers (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Added <code>build_checked</code> and <code>build_unchecked</code> to
our <code>NumberFormatBuilder</code> API (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Added <code>build_checked</code> to our <code>Options</code> API (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Added <code>has_digit_separator</code> to <code>NumberFormat</code>
(<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Re-export <code>NumberFormat</code> to our other crates (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Add <code>Options::from_radix</code> for all options for similar
APIs for each (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/208">#208</a>).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Lowered the MSRV from 1.63.0 to 1.61.0 and adds support for most
testing on 1.60.0 (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Reduced the required buffer size for integer and float writers when
using <code>buffer_size</code> and <code>buffer_size_const</code> for
decimal numbers (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Deprecated <code>NumberFormatBuilder::build</code> due to a lack of
validation (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Deprecated <code>Options::set_*</code> in our write float API since
options should be considered immutable (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Removed <code>static_assertions</code> dependency (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Migrate to using an external crate for our half-precision floats (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/198">#198</a>).</li>
<li>Simplify feature detection internally to make auto-doc more reliable
(<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/207">#207</a>).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Patch doctests with TODOs in dependencies (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/222">#222</a>).</li>
<li>CI with OSS-Fuzz for the deprecated
<code>actions/upload-artifact@v3</code> (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/221">#221</a>).</li>
<li>Float parsing on <code>i586</code> targets (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/219">#219</a>).</li>
<li>Bug where the <code>radix</code> feature wasn't enabling
<code>power-of-two</code> in <code>lexical-core</code> or
<code>lexical</code> (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/204">#204</a>).</li>
<li>Fixed performance issues due to a lack of inlining on the
Eisel-Lemire algorithm (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/210">#210</a>).</li>
<li>Issue with parsing non-decimal exponent radixes when using a decimal
mantissa radix for floating-point numbers (<a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/212">#212</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/c37664bb94219505c0007d590454337f72411f70"><code>c37664b</code></a>
Increment high-level lexical version for release.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/ddfc0f6bfcc0085ff982f567f41f24a5541a14ea"><code>ddfc0f6</code></a>
Increment version for 1.0.6 release.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/57dfd21ce4c0aff47e315d090105f77b37f3f9bc"><code>57dfd21</code></a>
Merge pull request <a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/227">#227</a>
from Alexhuszagh/doc-fixes</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/2f6b6bbf3cb2c02aa0ed3208f209dd664518021f"><code>2f6b6bb</code></a>
Ensure deprecated <code>parse</code> and <code>write</code> features
exist, but are unused.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/ef89a675571b2423c49120951076d5724e33fa63"><code>ef89a67</code></a>
Patch doc link references.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/c3dfaa26908cefe01b9cbadfedabe23056c62d71"><code>c3dfaa2</code></a>
Patch version dependencies for our test suite.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/be25b410b5fec21fe9610a4ce7f77941ee197632"><code>be25b41</code></a>
Fix clippy lints and minor documentation enhancements.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/988575dad6de2a9e86b34fff242c5f0a6e3dbf2c"><code>988575d</code></a>
Merge pull request <a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/219">#219</a>
from Alexhuszagh/issue_218</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/709e6d7d1ebc981d13a8013ea5a6733092c9b31f"><code>709e6d7</code></a>
Patch use of <code>set_precision</code> on i586.</li>
<li><a
href="https://github.com/Alexhuszagh/rust-lexical/commit/0d9e16137cf55ebaca45efc9d1c73061f680dfb1"><code>0d9e161</code></a>
Merge pull request <a
href="https://redirect.github.com/Alexhuszagh/rust-lexical/issues/222">#222</a>
from Alexhuszagh/docs_todo</li>
<li>Additional commits viewable in <a
href="https://github.com/Alexhuszagh/rust-lexical/compare/1.0.5...1.0.6">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lexical-core&package-manager=cargo&previous-version=1.0.5&new-version=1.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 1b2fb15f001cdadfea97faa0d2a429ad2d63c693
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.99 to
1.0.100.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.100</h2>
<ul>
<li>Teach clippy to lint formatting arguments in <code>bail!</code>,
<code>ensure!</code>, <code>anyhow!</code> (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/426">#426</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/anyhow/commit/18c2598afa0f996f56217ef128aa3a20ea1e9512"><code>18c2598</code></a>
Release 1.0.100</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/f2719888cb2f4f033c441cf6723cea1c532c0c87"><code>f271988</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/426">#426</a>
from dtolnay/clippyfmt</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/52f2115a1fe22a79110747f19e35f01d52bdd1af"><code>52f2115</code></a>
Mark macros with clippy::format_args</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/da5fd9d5a33c2949bc3ee3075d8d6f9e224363d5"><code>da5fd9d</code></a>
Raise minimum tested compiler to rust 1.76</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/211e4092b7e1fb1c6f5d22063474e5b2f8dd0f16"><code>211e409</code></a>
Opt in to generate-macro-expansion when building on docs.rs</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/b48fc02c327c502a81fcc2b46318eb61fda6b7b3"><code>b48fc02</code></a>
Enforce trybuild &gt;= 1.0.108</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/d5f59fbd45db00982bc0ea490edbe331ef8cab26"><code>d5f59fb</code></a>
Update ui test suite to nightly-2025-09-07</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/238415d25b65dcf73ab2e3741d7adc56615af8c3"><code>238415d</code></a>
Update ui test suite to nightly-2025-08-24</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/3bab0709a347b90de15c5eaaf3779904cfcc1ac6"><code>3bab070</code></a>
Update actions/checkout@v4 -&gt; v5</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/42492546e3b5510378d0ee32b659fefee1f26158"><code>4249254</code></a>
Order cap-lints flag in the same order as thiserror build script</li>
<li>See full diff in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.99...1.0.100">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anyhow&package-manager=cargo&previous-version=1.0.99&new-version=1.0.100)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Daniel Harvey <danieljamesharvey@gmail.com>
V3_GIT_ORIGIN_REV_ID: 0831568d31f3a6413d8df4187d89b6f339624dce
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.47 to 4.5.48.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.48</h2>
<h2>[4.5.48] - 2025-09-19</h2>
<h3>Documentation</h3>
<ul>
<li>Add a new CLI Concepts document as another way of framing clap</li>
<li>Expand the <code>typed_derive</code> cookbook entry</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.48] - 2025-09-19</h2>
<h3>Documentation</h3>
<ul>
<li>Add a new CLI Concepts document as another way of framing clap</li>
<li>Expand the <code>typed_derive</code> cookbook entry</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/clap-rs/clap/commit/c3a1ddc1182fa7cf2cfe6d6dba4f76db83d48178"><code>c3a1ddc</code></a>
chore: Release</li>
<li><a
href="https://github.com/clap-rs/clap/commit/4460ff44b375c8d596fb70b848ff401fe12942c0"><code>4460ff4</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/clap-rs/clap/commit/54947a1b4bc70745cd5787fb92a830081c6ed291"><code>54947a1</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5981">#5981</a>
from mernen/fix-bash-clap-complete-space</li>
<li><a
href="https://github.com/clap-rs/clap/commit/fd3f6d271defef2aa2f111555a005689f71f6acb"><code>fd3f6d2</code></a>
fix(complete): Restore nospace in bash</li>
<li><a
href="https://github.com/clap-rs/clap/commit/2f6a1083d94b832af96b791fc934beb043a969cb"><code>2f6a108</code></a>
test(complete): Demonstrate current behavior</li>
<li><a
href="https://github.com/clap-rs/clap/commit/f88be5738e33018f3298fabb7b67835eefbc55e0"><code>f88be57</code></a>
style: Ensure consistent newlines</li>
<li><a
href="https://github.com/clap-rs/clap/commit/f209bce2203498e743b171b7ac64f0fb9d3ae590"><code>f209bce</code></a>
chore: Release</li>
<li><a
href="https://github.com/clap-rs/clap/commit/f33ff7f81ab78c227a127fbd2dbd0fed1455a6fb"><code>f33ff7f</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/clap-rs/clap/commit/bf06e6f8f6efc5af03a52c5e4cfea39c682aa500"><code>bf06e6f</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5974">#5974</a>
from kryvashek/support-clearing-args-matches</li>
<li><a
href="https://github.com/clap-rs/clap/commit/5d357ada532d430290c2de14c918833564f12795"><code>5d357ad</code></a>
feat(parser): Added ArgMatches::try_clear_id()</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/clap_complete-v4.5.47...clap_complete-v4.5.48">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=clap&package-manager=cargo&previous-version=4.5.47&new-version=4.5.48)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 53d24fcac97515a67c9b2c2a7b5e1bcd8f8ae6a3
V3_GIT_ORIGIN_REV_ID: 763c29d397fe1aa5570fa32f9ffd597fee5cea1b
)

<!-- The PR description should answer 2 important questions: -->

### What

This is the first step in allowing Parquet and CSV files to be streamed
through engine, from S3 or our own artifact store. For now, it's only
enabled for tests and for the local dev server. Multitenant server
integration is TBD.

<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->

<!-- Consider: do we need to add a changelog entry? -->

<!-- Does this PR introduce new validation that might break old builds?
-->

<!-- Consider: do we need to put new checks behind a flag? -->

### How

<!-- How is it trying to accomplish it (what are the implementation
steps)? -->

V3_GIT_ORIGIN_REV_ID: a0fb2ae951fda4ba2ee439f9c5b49dda19794752
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.223 to
1.0.228.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.228</h2>
<ul>
<li>Allow building documentation with
<code>RUSTDOCFLAGS='--cfg=docsrs'</code> set for the whole dependency
graph (<a
href="https://redirect.github.com/serde-rs/serde/issues/2995">#2995</a>)</li>
</ul>
<h2>v1.0.227</h2>
<ul>
<li>Documentation improvements (<a
href="https://redirect.github.com/serde-rs/serde/issues/2991">#2991</a>)</li>
</ul>
<h2>v1.0.226</h2>
<ul>
<li>Deduplicate variant matching logic inside generated Deserialize impl
for adjacently tagged enums (<a
href="https://redirect.github.com/serde-rs/serde/issues/2935">#2935</a>,
thanks <a
href="https://github.com/Mingun"><code>@​Mingun</code></a>)</li>
</ul>
<h2>v1.0.225</h2>
<ul>
<li>Avoid triggering a deprecation warning in derived Serialize and
Deserialize impls for a data structure that contains its own
deprecations (<a
href="https://redirect.github.com/serde-rs/serde/issues/2879">#2879</a>,
thanks <a
href="https://github.com/rcrisanti"><code>@​rcrisanti</code></a>)</li>
</ul>
<h2>v1.0.224</h2>
<ul>
<li>Remove private types being suggested in rustc diagnostics (<a
href="https://redirect.github.com/serde-rs/serde/issues/2979">#2979</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/serde/commit/a866b336f14aa57a07f0d0be9f8762746e64ecb4"><code>a866b33</code></a>
Release 1.0.228</li>
<li><a
href="https://github.com/serde-rs/serde/commit/5adc9e816c155473ec66b6641fc81529a5ef3868"><code>5adc9e8</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2995">#2995</a>
from dtolnay/rustdocflags</li>
<li><a
href="https://github.com/serde-rs/serde/commit/ab581789f4aa6a92f8e149f3086040342dfaddcf"><code>ab58178</code></a>
Workaround for RUSTDOCFLAGS='--cfg=docsrs'</li>
<li><a
href="https://github.com/serde-rs/serde/commit/415d9fc5601add94aac3c1882bd63e3f555ce2a2"><code>415d9fc</code></a>
Release 1.0.227</li>
<li><a
href="https://github.com/serde-rs/serde/commit/7c58427e1259566b4835444951ff79406c75205f"><code>7c58427</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2991">#2991</a>
from dtolnay/inlinecoredoc</li>
<li><a
href="https://github.com/serde-rs/serde/commit/9d3410e3f4e38f9ea1a798e7ae9fab71577ab31b"><code>9d3410e</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2992">#2992</a>
from dtolnay/inplaceseed</li>
<li><a
href="https://github.com/serde-rs/serde/commit/2fb6748bf1ff939a2208d70b26708ddc75ab2e88"><code>2fb6748</code></a>
Remove InPlaceSeed public re-export</li>
<li><a
href="https://github.com/serde-rs/serde/commit/f8137c79a20137c9483d21d3c8e628e83d3b91ba"><code>f8137c7</code></a>
Inline serde_core into serde in docsrs mode</li>
<li><a
href="https://github.com/serde-rs/serde/commit/b7dbf7e3cb53bc9b9442047229e4f125bb07783e"><code>b7dbf7e</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2990">#2990</a>
from dtolnay/integer128</li>
<li><a
href="https://github.com/serde-rs/serde/commit/7c836915fc8d6fab4990764096e53e9a668cf3df"><code>7c83691</code></a>
No longer macro_use integer128 module</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.223...v1.0.228">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde&package-manager=cargo&previous-version=1.0.223&new-version=1.0.228)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 722ce589017a7e9d5087326d1d5c58de3a5c7a61
Bumps [moka](https://github.com/moka-rs/moka) from 0.12.10 to 0.12.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/moka-rs/moka/blob/main/CHANGELOG.md">moka's
changelog</a>.</em></p>
<blockquote>
<h2>Version 0.12.11</h2>
<h3>Added</h3>
<ul>
<li>Support <code>Equivalent</code> trait for the key type
<code>K</code> of the caches.
(<a
href="https://redirect.github.com/moka-rs/moka/issues/492">#492</a>[gh-pull-0492])</li>
<li>Added the <code>jittered_expiry_policy</code> example (<a
href="https://redirect.github.com/moka-rs/moka/issues/489">#489</a>[gh-pull-0489]).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Adjusted license expression: some code is Apache-2.0 only (<a
href="https://redirect.github.com/moka-rs/moka/issues/529">#529</a>[gh-pull-0529],
by
[<a
href="https://github.com/musicinmybrain"><code>@​musicinmybrain</code></a>][gh-musicinmybrain]).
<ul>
<li>The license expression in <code>Cargo.toml</code> was changed from
<code>MIT OR Apache-2.0</code> to <code>(MIT OR Apache-2.0) AND
Apache-2.0</code>.</li>
<li>See the <a
href="https://github.com/moka-rs/moka/blob/main/README.md#license">license
section</a> of the README for details.</li>
</ul>
</li>
<li>Upgrading a crate in the dependencies:
<ul>
<li>Raised the minimum version of <code>crossbeam-channel</code> crate
from <code>v0.5.5</code> to
<code>v0.5.15</code> to avoid the following issue (<a
href="https://redirect.github.com/moka-rs/moka/issues/514">#514</a>[gh-pull-0514],
by [karankurbur][gh-karankurbur]).
<ul>
<li>[RUSTSEC-2025-0024] crossbeam-channel: double free on Drop</li>
</ul>
</li>
</ul>
</li>
<li>Moving a crate from the dependencies to the dev-dependencies:
<ul>
<li>Switched <code>loom</code> crate to a dev-dependency
(<a
href="https://redirect.github.com/moka-rs/moka/issues/509">#509</a>[gh-pull-0509],
by [thomaseizinger][gh-thomaseizinger]).</li>
</ul>
</li>
<li>Updating a crate in the dev-dependencies:
<ul>
<li>Upgraded <code>reqwest</code> crate in the dev-dependencies from
<code>v0.11</code> to <code>v0.12</code>
(<a
href="https://redirect.github.com/moka-rs/moka/issues/531">#531</a>[gh-pull-0531],
by [musicinmybrain][gh-musicinmybrain]).</li>
</ul>
</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Removing a crate from the dependencies:
<ul>
<li>Removed <code>thiserror</code> crate by manually implementing
<code>std::error::Error</code> for
<code>moka::PredicateError</code> (<a
href="https://redirect.github.com/moka-rs/moka/issues/512">#512</a>[gh-pull-0512],
by [<a
href="https://github.com/brownjohnf"><code>@​brownjohnf</code></a>][gh-brownjohnf]).</li>
</ul>
</li>
<li>Removing crates from the dev-dependencies:
<ul>
<li>Removed unmaintained <code>paste</code> crate from the
dev-dependencies (<a
href="https://redirect.github.com/moka-rs/moka/issues/504">#504</a>[gh-pull-0504]).
<ul>
<li>[RUSTSEC-2024-0436] paste - no longer maintained</li>
</ul>
</li>
<li>Removed discontinued <code>async-std</code> crate from the
dev-dependencies (<a
href="https://redirect.github.com/moka-rs/moka/issues/534">#534</a>[gh-pull-0534]).
<ul>
<li>[RUSTSEC-2025-0052] async-std has been discontinued</li>
</ul>
</li>
</ul>
</li>
<li>Removed clippy ignore <code>non_send_fields_in_send_ty</code> that
no longer applies
(<a
href="https://redirect.github.com/moka-rs/moka/issues/505">#505</a>[gh-pull-0505],
by [<a
href="https://github.com/qti3e"><code>@​qti3e</code></a>][gh-qti3e]).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Remove redundant word in source code comment (<a
href="https://redirect.github.com/moka-rs/moka/issues/532">#532</a>[gh-pull-0532],
by [<a
href="https://github.com/quantpoet"><code>@​quantpoet</code></a>][gh-quantpoet]).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/moka-rs/moka/commit/9f166f2a12f9cc14e536ce77920c9d72e01bcdff"><code>9f166f2</code></a>
Merge pull request <a
href="https://redirect.github.com/moka-rs/moka/issues/536">#536</a> from
moka-rs/prepare-v0.12.11</li>
<li><a
href="https://github.com/moka-rs/moka/commit/d4f3911b60458d0b8dfaa4eefe703ff7d6bbeb1e"><code>d4f3911</code></a>
Update the changelog for <code>v0.12.11</code></li>
<li><a
href="https://github.com/moka-rs/moka/commit/30665d701a3c759edfa57287a04332b82f1a1fdd"><code>30665d7</code></a>
Merge pull request <a
href="https://redirect.github.com/moka-rs/moka/issues/537">#537</a> from
moka-rs/adjust-oss-license</li>
<li><a
href="https://github.com/moka-rs/moka/commit/de9cba3dc30358a755e4eabf7757e9a2abcb71ac"><code>de9cba3</code></a>
doc - Remove the Markdown style links from the NOTICE file</li>
<li><a
href="https://github.com/moka-rs/moka/commit/6f780a05bc63b3141d50b984c98512725f1c086d"><code>6f780a0</code></a>
doc: Explain two source files are distributed under the Apache 2.0
only</li>
<li><a
href="https://github.com/moka-rs/moka/commit/dcd4932d0eccae7f01f2c97242011fee2d8733a1"><code>dcd4932</code></a>
Update the changelog for <code>v0.12.11</code></li>
<li><a
href="https://github.com/moka-rs/moka/commit/429f7563373bdccfde88ce60ad6a650a55c56cda"><code>429f756</code></a>
Merge pull request <a
href="https://redirect.github.com/moka-rs/moka/issues/530">#530</a> from
moka-rs/fix-ci-2025-09-18</li>
<li><a
href="https://github.com/moka-rs/moka/commit/accfc7c7b1e1457f5fe67219e90d5d6f35ef1cea"><code>accfc7c</code></a>
CI: Try to fix the CI for the minimum version dependencies</li>
<li><a
href="https://github.com/moka-rs/moka/commit/f21da3ba37cddda329d981551c461d0f9cc3aea1"><code>f21da3b</code></a>
CI: Fix the CI for the MSRV 1.70</li>
<li><a
href="https://github.com/moka-rs/moka/commit/f5ce4f5f088dd4eb7e57c57da29524f911a8fbcb"><code>f5ce4f5</code></a>
Merge branch 'main' into fix-ci-2025-09-18</li>
<li>Additional commits viewable in <a
href="https://github.com/moka-rs/moka/compare/v0.12.10...v0.12.11">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=moka&package-manager=cargo&previous-version=0.12.10&new-version=0.12.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: db36974d248d5412fa7a0e72882d4ba28c1f9919
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.16 to
2.0.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/thiserror/releases">thiserror's
releases</a>.</em></p>
<blockquote>
<h2>2.0.17</h2>
<ul>
<li>Use differently named __private module per patch release (<a
href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/thiserror/commit/72ae716e6d6a7f7fdabdc394018c745b4d39ca45"><code>72ae716</code></a>
Release 2.0.17</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/599fdce83aee7767eb87b5af7bb30c37f3ed61e5"><code>599fdce</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>
from dtolnay/private</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/9ec05f6b38041bfe1ff5a274caec6e054a459aca"><code>9ec05f6</code></a>
Use differently named __private module per patch release</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/d2c492b5498a0134abcc1677101bec876fe0621a"><code>d2c492b</code></a>
Raise minimum tested compiler to rust 1.76</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/fc3ab9501d4f2b6df2d7e495dc1cb37ab6e68363"><code>fc3ab95</code></a>
Opt in to generate-macro-expansion when building on docs.rs</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/819fe29dbb6e41bb937e3fef0469917d7c476c60"><code>819fe29</code></a>
Update ui test suite to nightly-2025-09-12</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/259f48c549a2b49c00d2d58a204c1a3b4d2fb29a"><code>259f48c</code></a>
Enforce trybuild &gt;= 1.0.108</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/470e6a681c073f12e29daf64dcec724bfd5871a9"><code>470e6a6</code></a>
Update ui test suite to nightly-2025-08-24</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/544e191e6e7f2e7cc3ac34b77d9165c30d982463"><code>544e191</code></a>
Update actions/checkout@v4 -&gt; v5</li>
<li><a
href="https://github.com/dtolnay/thiserror/commit/cbc1ebad3e91621ee0f94cf56d131f12fee62a3c"><code>cbc1eba</code></a>
Delete duplicate cap-lints flag from build script</li>
<li>See full diff in <a
href="https://github.com/dtolnay/thiserror/compare/2.0.16...2.0.17">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=thiserror&package-manager=cargo&previous-version=2.0.16&new-version=2.0.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 7a61e584a8fdfed39401fe6cd53288fc19436fd1
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.14.0 to
3.14.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jonasbb/serde_with/releases">serde_with's
releases</a>.</em></p>
<blockquote>
<h2>serde_with v3.14.1</h2>
<h3>Fixed</h3>
<ul>
<li>Show macro expansion in the docs.rs generated rustdoc.
Since macros are used to generate trait implementations, this is useful
to understand the exact generated code.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jonasbb/serde_with/commit/15022b19fd7601f8ef20c9a9923c77d0d40f44c4"><code>15022b1</code></a>
Bump version to 3.14.1 (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/886">#886</a>)</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/69d8cea3b05a78ae7a6c174ead87558b2e3e4f8b"><code>69d8cea</code></a>
Enable crates.io trusted publishing (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/885">#885</a>)</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/2e30bbb0811a6dc8bc10d09dec815557a2efd8da"><code>2e30bbb</code></a>
Bump version to 3.14.1</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/afd1333dd86ea4fc4bd2a532926b31a1c723f85f"><code>afd1333</code></a>
Enable crates.io trusted publishing</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/eec78a034d7e8417a92b99111d2dd1a164e65e42"><code>eec78a0</code></a>
Add 1.90 to CI matrix (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/884">#884</a>)</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/ea091d1d442717a08ad0a702fc19d5175f468c4b"><code>ea091d1</code></a>
Generate macro expansion in rustdoc (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/883">#883</a>)</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/8876010b46df78a52e53b82bd139b1f8309996e8"><code>8876010</code></a>
Add 1.90 to CI matrix</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/555d2bb78b334831aec91fcc568b0e455094dbf4"><code>555d2bb</code></a>
Update formatting for nightly rust (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/882">#882</a>)</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/b852142b8eb8dfa25ce648d0f975329e1f1e9bbe"><code>b852142</code></a>
Generate macro expansion in rustdoc</li>
<li><a
href="https://github.com/jonasbb/serde_with/commit/f4144635bd78c7428b4057de1a0b738e3f1fd780"><code>f414463</code></a>
Update formatting for nightly rust</li>
<li>Additional commits viewable in <a
href="https://github.com/jonasbb/serde_with/compare/v3.14.0...v3.14.1">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_with&package-manager=cargo&previous-version=3.14.0&new-version=3.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 3688efbcd57c9a8840b3f4162fdae6b48a7ed4d6
Bumps [object_store](https://github.com/apache/arrow-rs-object-store)
from 0.12.3 to 0.12.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/apache/arrow-rs-object-store/blob/main/CHANGELOG-old.md">object_store's
changelog</a>.</em></p>
<blockquote>
<!-- raw HTML omitted -->
<h1>Historical Changelog</h1>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/9dc8d7df13e59d8ff6d9df138627977f0b78d6cb"><code>9dc8d7d</code></a>
Update version to 0.12.4 and add changelog (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/491">#491</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/cac4bacf89133e12a8ff0f30055a1bc53cdca96c"><code>cac4bac</code></a>
Revert &quot;refactor: remove AWS dynamo integration (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/407">#407</a>)&quot;
(<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/493">#493</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/ebfd02f0209e1cc3f5625815e3e5431ed0976d93"><code>ebfd02f</code></a>
AWS S3: Support STS endpoint, WebIdentity, RoleArn, RoleSession
configuration...</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/f1dd0752f5dde6b992602bd0641a5c62a7a32ca9"><code>f1dd075</code></a>
Fix for clippy 1.90 (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/492">#492</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/ed17e120cd9ae3db6b6f4f940e12238939fe1e0b"><code>ed17e12</code></a>
Add version 0.12.4 release plan to README (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/490">#490</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/da88a756b09fb2694c4a70aa6ac12fabf31cfe26"><code>da88a75</code></a>
Add storage class for aws, gcp, and azure (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/456">#456</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/f73c457dd6a25d323bb66878e3c19b521dc11c85"><code>f73c457</code></a>
aws: downgrade credential provider info! log messages to debug! (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/436">#436</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/59e554516a838cfc09de212a7e1719d5df2f716b"><code>59e5545</code></a>
chore(client/retry): include error info in logs when retry occurs (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/487">#487</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/c0e241eb95a61d52964f3d7741673b91f86db58b"><code>c0e241e</code></a>
build(deps): bump actions/github-script from 7 to 8 (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/478">#478</a>)</li>
<li><a
href="https://github.com/apache/arrow-rs-object-store/commit/49ce8729830cfdbf3da74a6a50a900300d5c69cb"><code>49ce872</code></a>
build(deps): bump actions/setup-node from 4 to 5 (<a
href="https://redirect.github.com/apache/arrow-rs-object-store/issues/477">#477</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/apache/arrow-rs-object-store/compare/v0.12.3...v0.12.4">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=object_store&package-manager=cargo&previous-version=0.12.3&new-version=0.12.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 74d7f8f6e760842efa0311d95134077fd6d5802f
<!-- The PR description should answer 2 important questions: -->

### What

<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->

<!-- Consider: do we need to add a changelog entry? -->

<!-- Does this PR introduce new validation that might break old builds?
-->

<!-- Consider: do we need to put new checks behind a flag? -->

### How

<!-- How is it trying to accomplish it (what are the implementation
steps)? -->

V3_GIT_ORIGIN_REV_ID: 03cf245dad1496b737d2b3db51dfe785ec5bb814
PR-URL: hasura/graphql-engine-mono#11337
GitOrigin-RevId: 7918250a6cdda9b2abfac2d9ddef9038d22edba8
PR-URL: hasura/graphql-engine-mono#11340
GitOrigin-RevId: d35c154107324d20a81c9c361317df0258d7a313
PR-URL: hasura/graphql-engine-mono#11343
GitOrigin-RevId: 84c14efb9b7dafef6fef36d2989a32009846de33
dependabot Bot and others added 30 commits May 6, 2026 09:15
Bumps [oas3](https://github.com/x52dev/oas3-rs) from 0.20.1 to 0.21.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/x52dev/oas3-rs/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oas3&package-manager=cargo&previous-version=0.20.1&new-version=0.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 1caaf5c47cc9ca1beaa19c503ef5f0211d096541
Bumps [mockito](https://github.com/lipanski/mockito) from 1.7.1 to
1.7.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lipanski/mockito/releases">mockito's
releases</a>.</em></p>
<blockquote>
<h2>1.7.2</h2>
<ul>
<li>Update to reqwest 0.13 by <a
href="https://github.com/tottoto"><code>@​tottoto</code></a> in <a
href="https://redirect.github.com/lipanski/mockito/pull/223">lipanski/mockito#223</a></li>
<li>Allow returning a different status code based on a request by <a
href="https://github.com/songokas"><code>@​songokas</code></a> in <a
href="https://redirect.github.com/lipanski/mockito/pull/224">lipanski/mockito#224</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lipanski/mockito/commit/2e16acfebeb623f3ff91bffa4574be1c04caee0b"><code>2e16acf</code></a>
Bump to 1.7.2</li>
<li><a
href="https://github.com/lipanski/mockito/commit/e404bdf4e18cdf411f035ab31302211727d76ba0"><code>e404bdf</code></a>
Update docs</li>
<li><a
href="https://github.com/lipanski/mockito/commit/e2c1692186e313bf592189d34a9fd99e03e9b0d0"><code>e2c1692</code></a>
Merge pull request <a
href="https://redirect.github.com/lipanski/mockito/issues/224">#224</a>
from songokas/status-code-from-request</li>
<li><a
href="https://github.com/lipanski/mockito/commit/86596b774d1858a5b817774cd9b80b1b59bc8b4b"><code>86596b7</code></a>
Allow returning a different status code based on a request</li>
<li><a
href="https://github.com/lipanski/mockito/commit/4a70878a4dfc06be403e6d978353e86c96dabfcd"><code>4a70878</code></a>
Merge pull request <a
href="https://redirect.github.com/lipanski/mockito/issues/223">#223</a>
from tottoto/update-to-reqwest-0.13</li>
<li><a
href="https://github.com/lipanski/mockito/commit/35fccfb88357e1e62e0f62c5b1897ff035721def"><code>35fccfb</code></a>
Update to reqwest 0.13</li>
<li>See full diff in <a
href="https://github.com/lipanski/mockito/compare/1.7.1...1.7.2">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mockito&package-manager=cargo&previous-version=1.7.1&new-version=1.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: b31ec111ba94d84af0707c3567cbbe2bf0ba73f5
PR-URL: hasura/graphql-engine-mono#11514
GitOrigin-RevId: c673f6bc733594b2be81fa6f6a00a9bf49dc411d
Bumps [futures-util](https://github.com/rust-lang/futures-rs) from
0.3.31 to 0.3.32.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/futures-rs/releases">futures-util's
releases</a>.</em></p>
<blockquote>
<h2>0.3.32</h2>
<ul>
<li>Bump MSRV of utility crates to 1.71. (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2989">#2989</a>)</li>
<li>Soft-deprecate <code>ready!</code> macro in favor of
<code>std::task::ready!</code> added in Rust 1.64 (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>)</li>
<li>Soft-deprecate <code>pin_mut!</code> macro in favor of
<code>std::pin::pin!</code> added in Rust 1.68 (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li>
<li>Add <code>FuturesOrdered::clear</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2927">#2927</a>)</li>
<li>Add <code>mpsc::*Receiver::recv</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2947">#2947</a>)</li>
<li>Add <code>mpsc::*Receiver::try_recv</code> and deprecate
<code>mpsc::*Receiver::::try_next</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2944">#2944</a>)</li>
<li>Implement <code>FusedStream</code> for <code>sink::With</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2948">#2948</a>)</li>
<li>Add <code>no_std</code> support for <code>shared</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2868">#2868</a>)</li>
<li>Make <code>Mutex::new()</code> const (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2956">#2956</a>)</li>
<li>Add <code>#[clippy::has_significant_drop]</code> to guards (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2967">#2967</a>)</li>
<li>Remove dependency to <code>pin-utils</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li>
<li>Remove dependency on <code>num_cpus</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2946">#2946</a>)</li>
<li>Performance improvements (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2983">#2983</a>)</li>
<li>Documentation improvements (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>,
<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2926">#2926</a>,
<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2940">#2940</a>,
<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2971">#2971</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md">futures-util's
changelog</a>.</em></p>
<blockquote>
<h1>0.3.32 - 2026-02-15</h1>
<ul>
<li>Bump MSRV of utility crates to 1.71. (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2989">#2989</a>)</li>
<li>Soft-deprecate <code>ready!</code> macro in favor of
<code>std::task::ready!</code> added in Rust 1.64 (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>)</li>
<li>Soft-deprecate <code>pin_mut!</code> macro in favor of
<code>std::pin::pin!</code> added in Rust 1.68 (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li>
<li>Add <code>FuturesOrdered::clear</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2927">#2927</a>)</li>
<li>Add <code>mpsc::*Receiver::recv</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2947">#2947</a>)</li>
<li>Add <code>mpsc::*Receiver::try_recv</code> and deprecate
<code>mpsc::*Receiver::::try_next</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2944">#2944</a>)</li>
<li>Implement <code>FusedStream</code> for <code>sink::With</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2948">#2948</a>)</li>
<li>Add <code>no_std</code> support for <code>shared</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2868">#2868</a>)</li>
<li>Make <code>Mutex::new()</code> const (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2956">#2956</a>)</li>
<li>Add <code>#[clippy::has_significant_drop]</code> to guards (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2967">#2967</a>)</li>
<li>Remove dependency to <code>pin-utils</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li>
<li>Remove dependency on <code>num_cpus</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2946">#2946</a>)</li>
<li>Performance improvements (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2983">#2983</a>)</li>
<li>Documentation improvements (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>,
<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2926">#2926</a>,
<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2940">#2940</a>,
<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2971">#2971</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/d9bba94c239daa1175a5bb2958f37a5c72db3f6a"><code>d9bba94</code></a>
Release 0.3.32</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/151e0b90dec62103df5239f0612f42467994f406"><code>151e0b9</code></a>
Add comments on rust-version field in Cargo.toml</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/4aaf00c35176d7180557559f54b0c151e2e608aa"><code>4aaf00c</code></a>
Bump MSRV of utility crates to 1.71</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/a4cce12c55942c6e1f2a507061fc6ca94c5b8862"><code>a4cce12</code></a>
perf: improve AtomicWaker::wake performance (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2983">#2983</a>)</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/ba9d102ca6e4a941a5068a1a8dcf0ff3a6c9085a"><code>ba9d102</code></a>
Add <code>#[clippy::has_significant_drop]</code> to guards (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2967">#2967</a>)</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/20396a83eff35414d17320dc35858243e54f0bc8"><code>20396a8</code></a>
Fix rustdoc::broken_intra_doc_links warning</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/815f6eb4e40ca9ff81d7d9a25a863d3c1ffdb79e"><code>815f6eb</code></a>
Fix documentation of <code>BiLock::lock</code> (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2971">#2971</a>)</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/0f0db0421d4edc9fc56c3643f7e7f3bd23058023"><code>0f0db04</code></a>
futures-util: make <code>Mutex::new()</code> const (<a
href="https://redirect.github.com/rust-lang/futures-rs/issues/2956">#2956</a>)</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/5d6fc5e4083f5da376ccc7a50403d842e553e286"><code>5d6fc5e</code></a>
ci: Test big-endian target (s390x Linux)</li>
<li><a
href="https://github.com/rust-lang/futures-rs/commit/9f739fe40b9c3e80b8f40054a739a220428a4675"><code>9f739fe</code></a>
Ignore dead_code lint on Fn1 trait</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-lang/futures-rs/compare/0.3.31...0.3.32">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=futures-util&package-manager=cargo&previous-version=0.3.31&new-version=0.3.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: ef6524010fd0ed31e80bcbc05113e0efd7e10374
## Summary

- Adds `compose.isolated.yaml` + `multi-session-override.yaml` enabling
multiple parallel dev sessions on Aisura/shared machines without port or
container conflicts
- Modeled after the promptql-cloud `compose.v2.local-isolated.yaml`
pattern using Docker Compose `!reset`/`!override` tags
- Updates `CLAUDE.md` with an Aisura/Remote Dev section covering start,
teardown, and port allocation

## Usage

```bash
# Session 1
ENGINE_HOST_PORT=3000 JAEGER_HOST_PORT=4002 \
  docker compose -p engine-1 -f compose.isolated.yaml up -d --build

# Session 2 (parallel, no conflicts)
ENGINE_HOST_PORT=3001 JAEGER_HOST_PORT=4003 \
  docker compose -p engine-2 -f compose.isolated.yaml up -d --build

# Tear down
docker compose -p engine-1 -f compose.isolated.yaml down -v
```

## How it works

`multi-session-override.yaml` is layered on top of `docker-compose.yaml`
via the `include` directive. It:
- Strips `container_name` from all services (Docker auto-generates
unique names per `-p` project)
- Clears all fixed `ports` bindings to prevent host port conflicts
between sessions
- Re-exposes only `engine` (via `ENGINE_HOST_PORT`) and Jaeger UI (via
`JAEGER_HOST_PORT`) with env-var-controlled host ports

## Test plan

- [ ] `docker compose -p engine-1 -f compose.isolated.yaml config`
validates without errors
- [ ] Two sessions start in parallel with different port values and
different `-p` names without conflict
- [ ] `docker compose -p engine-1 -f compose.isolated.yaml down -v`
cleanly tears down only session 1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Aisura <aisura@aisura.hasura.office>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Phil Freeman <phil@hasura.io>
V3_GIT_ORIGIN_REV_ID: dae63f712641019ad516f42a42f58fcae63b7809
GITHUB_PR_NUMBER: 10837
GITHUB_PR_URL: #10837

PR-URL: hasura/graphql-engine-mono#11518
Co-authored-by: Gajendra Malviya <219787351+thzgajendra@users.noreply.github.com>
GitOrigin-RevId: 11cdeb79bd2507cee0bbced0fe2e7eb4e9b1e945
PR-URL: hasura/graphql-engine-mono#11525
GitOrigin-RevId: 4eab5fb6a11d66670c5c2c773ddc6ab762172624
PR-URL: hasura/graphql-engine-mono#11528
Co-authored-by: Toan Nguyen  <1615675+hgiasac@users.noreply.github.com>
GitOrigin-RevId: 955815476e2f08e07f0abf5b2157b6c0c31d75a6
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.49.0 to 1.50.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/tokio/releases">tokio's
releases</a>.</em></p>
<blockquote>
<h2>Tokio v1.50.0</h2>
<h1>1.50.0 (Mar 3rd, 2026)</h1>
<h3>Added</h3>
<ul>
<li>net: add <code>TcpStream::set_zero_linger</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7837">#7837</a>)</li>
<li>rt: add <code>is_rt_shutdown_err</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7771">#7771</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>io: add optimizer hint that <code>memchr</code> returns in-bounds
pointer (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7792">#7792</a>)</li>
<li>io: implement vectored writes for <code>write_buf</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7871">#7871</a>)</li>
<li>runtime: panic when <code>event_interval</code> is set to 0 (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7838">#7838</a>)</li>
<li>runtime: shorten default thread name to fit in Linux limit (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7880">#7880</a>)</li>
<li>signal: remember the result of <code>SetConsoleCtrlHandler</code>
(<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7833">#7833</a>)</li>
<li>signal: specialize windows <code>Registry</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7885">#7885</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>io: always cleanup <code>AsyncFd</code> registration list on
deregister (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7773">#7773</a>)</li>
<li>macros: remove (most) local <code>use</code> declarations in
<code>tokio::select!</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7929">#7929</a>)</li>
<li>net: fix <code>GET_BUF_SIZE</code> constant for <code>target_os =
&quot;android&quot;</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7889">#7889</a>)</li>
<li>runtime: avoid redundant unpark in current_thread scheduler (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7834">#7834</a>)</li>
<li>runtime: don't park in <code>current_thread</code> if
<code>before_park</code> defers waker (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7835">#7835</a>)</li>
<li>io: fix write readiness on ESP32 on short writes (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7872">#7872</a>)</li>
<li>runtime: wake deferred tasks before entering
<code>block_in_place</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7879">#7879</a>)</li>
<li>sync: drop rx waker when oneshot receiver is dropped (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7886">#7886</a>)</li>
<li>runtime: fix double increment of <code>num_idle_threads</code> on
shutdown (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7910">#7910</a>,
<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7918">#7918</a>,
<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7922">#7922</a>)</li>
</ul>
<h3>Unstable</h3>
<ul>
<li>fs: check for io-uring opcode support (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7815">#7815</a>)</li>
<li>runtime: avoid lock acquisition after uring init (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7850">#7850</a>)</li>
</ul>
<h3>Documented</h3>
<ul>
<li>docs: update outdated unstable features section (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7839">#7839</a>)</li>
<li>io: clarify the behavior of <code>AsyncWriteExt::shutdown()</code>
(<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7908">#7908</a>)</li>
<li>io: explain how to flush stdout/stderr (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7904">#7904</a>)</li>
<li>io: fix incorrect and confusing <code>AsyncWrite</code>
documentation (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7875">#7875</a>)</li>
<li>rt: clarify the documentation of <code>Runtime::spawn</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7803">#7803</a>)</li>
<li>rt: fix missing quotation in docs (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7925">#7925</a>)</li>
<li>runtime: correct the default thread name in docs (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7896">#7896</a>)</li>
<li>runtime: fix <code>event_interval</code> doc (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7932">#7932</a>)</li>
<li>sync: clarify RwLock fairness documentation (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7919">#7919</a>)</li>
<li>sync: clarify that <code>recv</code> returns <code>None</code> once
closed and no more messages (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7920">#7920</a>)</li>
<li>task: clarify when to use <code>spawn_blocking</code> vs dedicated
threads (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7923">#7923</a>)</li>
<li>task: doc that task drops before <code>JoinHandle</code> completion
(<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7825">#7825</a>)</li>
<li>signal: guarantee that listeners never return <code>None</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7869">#7869</a>)</li>
<li>task: fix task module feature flags in docs (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7891">#7891</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tokio-rs/tokio/commit/0273e45ead199dac7725faee1e3dc35a9c8753ab"><code>0273e45</code></a>
chore: prepare Tokio v1.50.0 (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7934">#7934</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/e3ee4e58dc9bb7accf26dfd51b0a2146922b5269"><code>e3ee4e5</code></a>
chore: prepare tokio-macros v2.6.1 (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7943">#7943</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/8c980ea75a0f8dd2799403777db700c2e8f4cda4"><code>8c980ea</code></a>
io: add <code>write_all_vectored</code> to <code>tokio-util</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7768">#7768</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/e35fd6d6b7d9a8ba37ee621835ef91372c2565cb"><code>e35fd6d</code></a>
ci: fix patch during clippy step (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7935">#7935</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/03fe44c10302fdb55c29dbe5b08d4f8769c80272"><code>03fe44c</code></a>
runtime: fix <code>event_interval</code> doc (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7932">#7932</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/d18e5dfbb0cdc28725bebb28cde80a6c11ee32bc"><code>d18e5df</code></a>
io: fix race in <code>Mock::poll_write</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7882">#7882</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/f21f2693f02aec9a876ac2bd21566c85e15b682e"><code>f21f269</code></a>
runtime: fix race condition during the blocking pool shutdown (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7922">#7922</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/d81e8f0acbdd7d866bce4f733b3545fd834c7840"><code>d81e8f0</code></a>
macros: remove (most) local <code>use</code> declarations in
<code>tokio::select!</code> (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7929">#7929</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/25e7f2641ef2555d688c267059431a2802805f1d"><code>25e7f26</code></a>
rt: fix missing quotation in docs (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7925">#7925</a>)</li>
<li><a
href="https://github.com/tokio-rs/tokio/commit/e1a91ef114a301b542d810abab9956f2868861b9"><code>e1a91ef</code></a>
util: fix typo in docs (<a
href="https://redirect.github.com/tokio-rs/tokio/issues/7926">#7926</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tokio/compare/tokio-1.49.0...tokio-1.50.0">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.49.0&new-version=1.50.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: 44e55680e8f9f850c22cbdc487bf868df3b30ba5
## Summary

- Adds `HASURA_GRAPHQL_DISABLE_EVENTING` env var (and `--disable-eventing` CLI flag) that turns off the entire eventing subsystem: event triggers, scheduled events, cron event generator, and async actions. Previously the OSS / single-tenant Pro path hardcoded `EventingMode = EventingEnabled`; only the multi-tenant cloud build had a `--disableEventing` flag, on a separate code path.
- Sets the new env var on the temporary HGE instance launched by the `cli-migrations` v2 and v3 entrypoints, so migration jobs stop competing with the four eventing pollers for database resources.

## Why

Single-tenant deployments running migration jobs against busy databases were seeing the temporary HGE instance's event/cron/async-action pollers compete with the migration workload for DB connections, causing knock-on issues. There was no way to disable those pollers individually in the single-tenant build — `HASURA_GRAPHQL_EVENTS_FETCH_BATCH_SIZE=0` only quiets event triggers, and the `EventingMode` umbrella was unreachable from outside the multi-tenant cloud arg parser.

This patch reuses the existing `EventingMode` machinery (consumed at `server/src-lib/Hasura/App.hs:1110-1130`) so the env var flips all four threads off in one go. Multi-tenant cloud's existing flag is untouched.

## Test plan

- [ ] `cabal build graphql-engine` succeeds (verified locally).
- [ ] `cabal build graphql-engine-pro` succeeds.
- [ ] Start OSS server with `HASURA_GRAPHQL_DISABLE_EVENTING=true` and confirm the startup log line "Starting in eventing disabled mode" appears and none of the four poller threads run.
- [ ] Start OSS server unset / with `false` and confirm normal "eventing enabled" startup and behaviour.
- [ ] Build a `cli-migrations:v3` image, run it against a Postgres with an event trigger, and confirm the temporary instance does not pull from `hdb_catalog.event_log` during the migration window.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

PR-URL: hasura/graphql-engine-mono#11530
GitOrigin-RevId: 42a25f648b5ccd3058939f8b5c3723faab95f086
PR-URL: hasura/graphql-engine-mono#11531
GitOrigin-RevId: c44017524fea8f7c03deffc567c0a6e0d1073ef5
…2511)

## Summary

The `/v1/sql` relational pushdown path silently ignored
`DataConnectorLink.argumentPresets`. Any header-forwarding configured on
a
connector link only worked for GraphQL and JSON:API requests; models
queried
via SQL saw the configured headers dropped on the floor.

`process_argument_presets` already injects the resolved presets on the
GraphQL
path (`crates/plan/src/query/arguments.rs`). The relational planner has
its
own narrower `resolve_arguments` that only honoured ModelPermission
`argument_presets`, so `data_connector_link_argument_presets` were never
read,
and the outgoing `RelationalQuery` always shipped with
`request_arguments: None`.

This change wires the same presets into the relational path:

- Carries `link_argument_presets` and the source model's `type_mappings`
  alongside the existing `data_connector` through `PushdownRel`,
  `PlanResponse`, and `SendRel`.
- Resolves those presets at execution time via the shared
  `process_connector_link_presets`, populating
`RelationalQuery.request_arguments` with the same JSON-object payload
that
  the GraphQL path emits per function argument.
- Forwards through joins / unions / paginate / project / filter /
aggregate /
  sort / window / subquery-alias by propagating the new fields in
  `from_df_plan` and `AbsorbIntoRel`.

The selective forwarding behaviour Phil flagged in the originating
thread is
preserved: only headers listed in `forward` reach the connector — the
test
asserts that an unrelated `x-internal-secret` header configured in the
request
is NOT included in `request_arguments`, so adding sensitive internal
headers
later remains safe by default.

## Test plan

- [x] `cargo check --workspace --all-targets`
- [x] `cargo clippy -p sql --lib --all-targets`
- [x] `cargo test -p sql --lib` — 93 passed (3 new tests in
`pushdown_rel::tests`)
- [x] `cargo test -p plan --lib` — 7 passed
- [x] `cargo build -p ddn-engine-local-dev --tests`
- [ ] Full `just test` requires Docker — run in CI

New unit tests in
`crates/cloud/sql/src/execute/planner/pushdown_rel.rs`:
- `relational_request_arguments_are_none_when_no_presets` — empty
presets ⇒
`None` (matches the on-wire `skip_serializing_if =
\"BTreeMap::is_empty\"`)
- `relational_request_arguments_forward_configured_headers` — only
headers in
the `forward` list show up under the configured argument name; unrelated
  request headers are dropped.

## Originating thread

https://console.hasura.io/project/hasuraql/promptql-playground/thread/e0c5c5f2-ab7a-42ec-8a36-7a4244f67fdf

Co-authored-by: Phil Freeman <phil@hasura.io>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Aisura <aisura@aisura.hasura.office>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
V3_GIT_ORIGIN_REV_ID: 68683c5c76dfadedd55efcc6ba259a0b223ce3ac
PR-URL: hasura/graphql-engine-mono#11546
GitOrigin-RevId: dd6f0528f90740e3155079481d4ada91862540f1
…elay) endpoint.

PR-URL: hasura/graphql-engine-mono#11549
GitOrigin-RevId: f2f0879d4c635af825f9253a745365ad8fb71553
PR-URL: hasura/graphql-engine-mono#11550
GitOrigin-RevId: 98ffc30385dbfdf7cb36c7f33897df60f241113a
GitOrigin-RevId: 0eecf6abd95a5bdef5b38ff03c263ad09e277382
PR-URL: hasura/graphql-engine-mono#11559
GitOrigin-RevId: 2d3f68a88c1ec02b896eaedce53323856864605d
PR-URL: hasura/graphql-engine-mono#11555
GitOrigin-RevId: c6c931720dee9cc893044f3a8fbd1b85ad67c1d9
… postgres is unreachable

🤖 Generated with [Claude Code](https://claude.com/claude-code)

PR-URL: hasura/graphql-engine-mono#11554
GitOrigin-RevId: 1695fade875d86b7dbfabdabe91f7a03c00aa259
PR-URL: hasura/graphql-engine-mono#11564
GitOrigin-RevId: d76ab0d242595d12c7f820df4adfff1b1bb65a6d
GitOrigin-RevId: 2fc6efeb063d187d4ee984b246855b0da0159d13
## Summary

Add `docker-env-loader` outputs alongside the existing `docker` outputs
in the Nix flake, so every binary that ships a regular Docker image now
also has an env-loader variant built through the same pipeline. The
variant wraps the binary with an entrypoint that reads `/secrets/*.json`
into the environment before exec'ing the binary (same behavior as
`hasura/minio-env-loader` wrapping `minio/minio`).

This replaces the per-service `Dockerfile_EnvLoader` workflow introduced
in #2502 with the Nix-based build pipeline used for every other image.
The `Dockerfile_EnvLoader` from #2502 is left untouched in this PR; a
follow-up can retire it once the new variant is wired into CI.

Linked discussion:
https://prompt.ql.app/promptql-playground/thread/742d2d35-57dd-4130-b6bd-7820b2f33c38

## Approach

1. **Vendor the entrypoint script** at `nix/docker-entrypoint.sh`,
copied verbatim from
`hasura/lux:scripts/docker-entrypoint/docker-entrypoint.sh` (the source
for the `lux-env-loader-entrypoint` image). No remote image pull at
build time.
2. **`nix/docker.nix` grows an `envLoader` parameter.** When `true`:
- The vendored script is installed at
`/usr/local/bin/docker-entrypoint.sh` via a small `runCommand`
derivation.
- The image contents auto-include `busybox` (for `/bin/sh`), `jq` (to
parse the secret JSON), and `inotify-tools` (for `inotifywait`, used
when `ENABLE_AUTO_RESTART_ON_SECRET_CHANGE=true`).
- The entrypoint is prepended with the script: `Entrypoint = [
"/usr/local/bin/docker-entrypoint.sh" "/bin/<pname>" ]`. Per-binary
`extraConfig` still overrides (so `multitenant-engine`'s
`Env`/`ExposedPorts` keep working).
3. **`flake.nix` emits a sibling `docker-env-loader`** under every
`(binaryName, targetSystem)` tree node. Crucially, it passes `package =
self.targets.<localSystem>.<binaryName>.<targetSystem>.binary` — the
**same derivation** as the regular `docker` output — so the Rust build
is not duplicated. Only the Docker packaging layers (image config,
customisation layer, stream script, tarball) differ.

## What you get

```
.#targets.x86_64-linux.<binary>.x86_64-linux.docker              # existing
.#targets.x86_64-linux.<binary>.x86_64-linux.docker-env-loader   # new
.#targets.x86_64-linux.<binary>.aarch64-linux.docker             # existing
.#targets.x86_64-linux.<binary>.aarch64-linux.docker-env-loader  # new
```

for every binary in `flake.nix`'s `binaries` list. Darwin systems get
`null` for both, same as before.

## Verification

Done locally on an aarch64-darwin host (full build needs Linux):

- `nix eval
.#targets.x86_64-linux.engine.x86_64-linux.docker-env-loader.outPath`
and the same for `multitenant-engine.aarch64-linux` both succeed.
- `nix derivation show --recursive` on `docker` and `docker-env-loader`
shows the Rust derivations (`engine-3.0.0.drv`, `engine-deps-3.0.0.drv`)
have the **same store hashes** in both graphs — i.e., the binary really
is shared, not rebuilt.
- The entrypoint derivation (`runCommand "env-loader-entrypoint"`)
builds and produces `/usr/local/bin/docker-entrypoint.sh` with mode 0555
and the expected contents.

## Follow-ups (not in this PR)

- Extend `.github/workflows/cloud-docker-images.yaml` to also build/push
the `-env-loader` flake attrs (matrix expansion + a `-env-loader` suffix
on the published image name).
- Once CI ships env-loader images via Nix, delete
`crates/cloud/v3-engine-multitenant/Dockerfile_EnvLoader` (the local
Docker build PR'd in #2502).

## Test plan

- [ ] CI evaluates the flake without errors
- [ ] `nix build
.#targets.x86_64-linux.multitenant-engine.x86_64-linux.docker-env-loader`
produces a loadable image
- [ ] Loaded image, with a JSON file at `/secrets/test.json`, exports
the JSON's keys as env vars before exec'ing `multitenant-engine`
- [ ] Loaded image without `/secrets` still launches the binary cleanly

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Aisura <aisura@aisura.hasura.office>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Tom Skawinski <98830547+tomhasura@users.noreply.github.com>
V3_GIT_ORIGIN_REV_ID: acbf1c737923e18cf3ef76b0120e1bc09a2977e2
As an alternative design for adding catalog names to models.

### What

<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->

<!-- Consider: do we need to add a changelog entry? -->

<!-- Does this PR introduce new validation that might break old builds?
-->

<!-- Consider: do we need to put new checks behind a flag? -->

### How

<!-- How is it trying to accomplish it (what are the implementation
steps)? -->

---------

Co-authored-by: Daniel Harvey <danieljamesharvey@gmail.com>
V3_GIT_ORIGIN_REV_ID: 79719e53f31aec85d695a03923b37b567d50caa0
…ss (#2528)

## What

Adds `make_session_for_directory` to the plan-crate golden test runner
(`crates/plan/tests/plan_golden_tests.rs`). Each test fixture directory
may now contain an optional `session_variables.json` (mirroring the
JSON:API golden tests' folder-per-role mechanism) to run the planned
query under a specific role. When the file is absent, the harness
defaults to the **admin** role.

## Why

This is **harness-only infrastructure**, split out from #2527 (the
AISLE-2026-0087 field-level read-permission fix and its
security-specific fixtures) so the reusable harness can be reviewed and
merged independently of the security change. It enables golden tests to
assert role-dependent planning behaviour directly from OpenDD query IR.

## Behaviour-preserving

No existing fixture supplies a `session_variables.json`, so they all
continue to run as `admin` and **no pre-existing snapshots change**. The
only diff vs `main` is the single harness file.

## Testing

`cargo test -p plan` passes (golden: `test_passing_plan`,
`test_failing_plan`; 7 unit tests; 0 failed), with no snapshot diffs.

## Follow-up

Once this merges, #2527 will be rebased to drop this duplicated harness
hunk, leaving #2527 with only the production fix and the security
fixtures.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
V3_GIT_ORIGIN_REV_ID: 189765591b7ad4803f2a3938cdae0adfe24fb08b
Automated changelog update for release v2026.06.10.

V3_GIT_ORIGIN_REV_ID: dbfcf4cc1dddc4a69f000c8ae4ca59d569bb373e
…ode (#2535)

## Summary

Queries over external/Iceberg (Shelf) tables via `/v1/sql` fail with
`pushdown not supported: LogicalPlan::TableScan is not supported` (and
300s timeouts) when running in `Required` relational-pushdown mode and
there is no pushdown-capable connector (e.g. Trino) handling the scan.
Aggregations / `GROUP BY` / unbounded `WHERE` queries are the typical
triggers.

Originating thread:
https://prompt.ql.app/project/hasuraql/promptql-playground/thread/bc16a309-32dd-40a9-8775-e7506212339b

## Root cause

When Trino is not used, the raw `LogicalPlan::TableScan` for an
external/Iceberg table is left untouched by `ReplaceTableScan` (it only
rewrites `model::Table`-backed scans) and reaches the `absorb_into_rel`
optimizer rule (`AbsorbIntoRel`).

In `from_df_plan`
(`crates/cloud/sql/src/execute/relational/relational_plan.rs`), the
raw/external `TableScan` fall-through was classified as
`RelationalPushdownError::NotSupported`:

```rust
Err(RelationalPushdownError::NotSupported(
    RelationalPushdownPlanNotSupported::Other(
        "LogicalPlan::TableScan is not supported".into(),
    ).into(),
))
```

`filter_out_with_reason` treats the `NotSupported` bucket as
**mode-dependent**: graceful under `IfSupported`/`Never`, but a **hard
error under `Required`**. So under `Required` mode the `?` in
`AbsorbIntoRel::rewrite` propagates the error out of the optimizer and
it surfaces to the caller as `pushdown not supported:
LogicalPlan::TableScan is not supported`, rather than the optimizer
simply leaving the plan alone for datafusion-iceberg to execute.

Notably, the two sibling branches in that same match arm —
`information_schema`/`hasura` scans and command-backed scans — are
already classified as `KnownNotSupported` ("things that will never
pushdown, but we are fine with this"), which `filter_out_with_reason`
treats as **always graceful regardless of mode**. The external/Iceberg
case was simply never added to that bucket.

For an aggregation/`GROUP BY` query (`Projection → Aggregate →
TableScan`), the bottom-up optimizer visits the leaf `TableScan` first,
which is why the user-visible error is the `TableScan` message even for
`GROUP BY`.

## Fix

Re-classify the raw/external `TableScan` as `KnownNotSupported`,
matching its sibling branches:

- Add `RelationalPushdownKnownNotSupported::ExternalTableScan`
(`crates/cloud/sql/src/execute/relational/error.rs`).
- Return that variant from the fall-through arm in `from_df_plan`
instead of `NotSupported`.

An external/Iceberg `TableScan` has no NDC relational connector to
absorb into, so it genuinely "will never push down, and that's fine".
With this change `AbsorbIntoRel` returns `Transformed::no(plan)` even
under `Required` mode and datafusion-iceberg executes the raw scan,
instead of the optimizer erroring out.

## ⚠️ Open question for reviewers (please weigh in)

This also makes a raw external `TableScan` graceful under `Required`
mode. `Required` means "must push down or fail". For an external Iceberg
table there is no connector to push into, so treating it as a hard
failure was arguably never meaningful — which is why this change groups
it with the other always-graceful `KnownNotSupported` cases.

However, if the team wants `Required` to keep **hard-failing for other
genuinely-unpushable leaf nodes** while allowing external tables
through, the `TableScan` branch could instead be **split by provider
type** (external/Iceberg provider → `KnownNotSupported`; everything else
→ keep `NotSupported`). I did not implement that split because the
current code does not make the external-vs-other provider distinction
trivially at this point, and it would change `Required`-mode semantics
for non-external scans. Happy to do it if reviewers prefer.

## Tests

Added unit tests in `relational_plan.rs` that build a raw `TableScan`
over a non-model (`EmptyTable`) provider standing in for an
external/Iceberg table:

- `external_table_scan_is_known_not_supported` — `from_df_plan` returns
`KnownNotSupported::ExternalTableScan`.
- `external_table_scan_is_graceful_in_all_modes` —
`filter_out_with_reason` returns the graceful `NoReason` in `Required`,
`IfSupported`, and `Never` modes (the regression assertion: no hard
error under `Required`).

## Verification

- `cargo test -p sql --lib` — 96 passed, 0 failed.
- `cargo clippy -p sql --all-targets --no-deps` — clean.
- `cargo fmt --check -p sql` — clean.
- Added a `changelog.md` Fixed entry.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Phil Freeman <phil@hasura.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
V3_GIT_ORIGIN_REV_ID: e0168d419d9cc4f92fe803d7ea99e3909d8f17c4
…lean (#2542)

## What

Adds the currently-surfaced `cargo audit` advisory **RUSTSEC-2024-0436**
(`paste` — no longer maintained) to the ignore list in
`.cargo/audit.toml`, appending to the existing ignore list rather than
replacing it.

## Why

These advisories are all currently **unfixable**, so we want `cargo
audit` to pass by ignoring them.

`RUSTSEC-2024-0436` (`paste`) is a proc-macro pulled in transitively via
`parquet` / `datafusion`. It has no maintained drop-in replacement, so
there is no current fix. It was the only advisory still surfaced by
`cargo audit` that was not already in the ignore list.

> Note: with the previous config `cargo audit` already exited `0`
because `paste` is reported as an *unmaintained* warning rather than a
hard vulnerability. This change suppresses that remaining warning so the
audit output is fully clean. The pre-existing ignores
(`RUSTSEC-2024-0437`, `RUSTSEC-2023-0071`, `RUSTSEC-2026-0176`,
`RUSTSEC-2026-0177`) are left untouched.

## Verification

`cargo audit` now reports no warnings and no vulnerabilities (exit 0).

## Traceability

PromptQL thread:
https://prompt.ql.app/project/hasuraql/promptql-playground/thread/d563bd3e-abe5-4079-94f9-a4e4e99f27b4

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Daniel Harvey <4729125+danieljharvey@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
V3_GIT_ORIGIN_REV_ID: 4cf1d7d18546ef86c9d2d9724974085e95b2e4a3
#2527)

## Summary

Order-by and filter operands were resolved straight from the unfiltered
object type's `type_mappings`, without checking the field against the
role-filtered `OutputObjectTypeView`. A low-privilege caller could
**order or filter results by a column hidden from their role** (e.g.
`salary`) and infer the hidden values through ordering / predicate
side-channels (binary-search via pagination/filters) — even though the
field itself is omitted from the response.

- **CWE-285** (Improper Authorization), tracked as **AISLE-2026-0087**.
- GraphQL and SQL never surfaced this because their generated schemas
don't expose hidden fields. **JSON:API builds order-by/filter straight
from free-form `sort`/`filter` query params**, which is where the gap
was reachable.

## Fix

The fix lives in the `plan` crate so **all frontends are covered
uniformly** (`to_resolved_order_by_element` and the filter resolver are
the single shared planning path used by GraphQL, SQL and JSON:API):

- **`order_by.rs::resolve_field_operand`** — look up the field via
`OutputObjectTypeView::get_field` before resolving its NDC column from
`type_mappings`. Also lets us drop the redundant `.fields.get(..)`
lookup in the nested branch.
- **`filter.rs::to_field_comparison_expression`** — hoist a single
`get_field` check to the top, covering both the scalar and nested-object
branches, and replacing a misleading `PlanError::Internal` with the
proper user-facing permission error. (Filtering already rejected hidden
scalar fields, but via an internal-error path and without covering the
nested-object branch.)

Both paths now reject hidden fields with the user-facing
`PermissionError::ObjectFieldNotFound` ("no permission to select from
field …").

## Tests

- New JSON:API golden regression test
`crates/jsonapi/tests/failing/sort_by_unauthorized_field/`: as role
`user_1` (who cannot see `Album.ArtistId`),
`fields[Album]=AlbumId,Title&sort=-ArtistId` now returns a permission
error instead of leaking rows ordered by the hidden column.
- Taught the jsonapi golden harness to run a case under a non-admin role
via a per-directory `session_variables.json`, mirroring the `/v1/sql`
golden tests. Existing tests default to `admin` and are unchanged.

## Audit

While here, I audited every field-access site in `plan` against the
principle "resolve user-referenced fields through
`OutputObjectTypeView`":
- **Output domain:** the two sites above were the only gaps;
`column.rs`, `field_selection.rs`, relationship source fields already
enforce via `get_field`. Relationship join-key mappings and argument
presets operate on a different (non-output) domain.
- **Input domain:** no analogous gap. Input permissions are preset-based
(forced values via `InputObjectTypeView::field_presets`), enforced
centrally in `apply_input_field_presets_to_value`, and every frontend
(GraphQL via `query_to_plan`, SQL via `execute/planner`, JSON:API via
the handler) funnels through plan's
`from_model_selection`/`from_command`.

## Verification

- `cargo fmt --check`, `prettier --check`, `cargo clippy --all-targets
--no-deps` — clean
- `just test` (full workspace + doctests, with Docker deps) — all
passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: dliub <build@hasura.io>
V3_GIT_ORIGIN_REV_ID: eb1f87937f1bc8d92016c467911c7962bbeeb82c
<!-- The PR description should answer 2 important questions: -->

### What

<!-- What is this PR trying to accomplish (and why, if it's not
obvious)? -->

<!-- Consider: do we need to add a changelog entry? -->

<!-- Does this PR introduce new validation that might break old builds?
-->

<!-- Consider: do we need to put new checks behind a flag? -->

### How

<!-- How is it trying to accomplish it (what are the implementation
steps)? -->

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
V3_GIT_ORIGIN_REV_ID: a68581798510a16aafee05f737caf0c724dd019f
Automated changelog update for release v2026.07.15.

V3_GIT_ORIGIN_REV_ID: 2276090e010cba4830c5e9d3da9adc61a525cd50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.