fix(deps): update rust crate sqlx to 0.9

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
sqlx	dependencies	minor	0.8 → 0.9

---

Release Notes

launchbadge/sqlx (sqlx)

v0.9.0

Compare Source

Important Announcements

New Github Organization

Shortly after this release is published, the SQLx repository will be transferred to a new GitHub organization:
https://github.com/transact-rs/

This is because SQLx has not been owned or maintained by LaunchBadge, LLC. for a few years now, and has since been
informally transferred to the collective ownership of its principal authors. Moving the repository to a new
organization makes this change more clear, and also allows for potentially inviting outside collaborators.

Cargo.lock Removed from Tracking

The Cargo.lock has been removed from tracking in Git. CI should now always test with the latest versions of
all dependencies by default, alongside our pass that checks with cargo generate-lockfile -Z minimal-versions.

This should eliminate the need for any PRs that update dependencies to also update Cargo.lock or
contend with an endless stream of merge conflicts against it.

N.B. cargo install --locked sqlx-cli will no longer work. However, cargo install sqlx-cli has always
used the latest dependencies by default, ignoring the lockfile, so most users should not be affected. For users
requiring reproducible builds, consider maintaining your own lockfile instead; historically, we only ran cargo update
sporadically, so relying on SQLx's lockfile offered few guarantees anyway.

See the manual page for cargo install for details.

Breaking

As per our MSRV policy, the supported Rust version for this release cycle is 1.94.0.

• [#​3383]: feat: create sqlx.toml format [[@​abonander]]
  • SQLx and sqlx-cli now support per-crate configuration files (sqlx.toml)
  • New functionality includes, but is not limited to:
    • Rename DATABASE_URL for a crate (for multi-database workspaces)
    • Set global type overrides for the macros (supporting custom types)
    • Rename or relocate the _sqlx_migrations table (for multiple crates using the same database)
    • Set characters to ignore when hashing migrations (e.g. ignore whitespace)
  • More to be implemented in future releases.
  • Enable feature sqlx-toml to use.
    • sqlx-cli has it enabled by default, but sqlx does not.
    • Default features of library crates can be hard to completely turn off because of feature unification,
      so it's better to keep the default feature set as limited as possible.
      This is something we learned the hard way.
  • Guide: see sqlx::_config module in documentation.
  • Reference: [Link]
  • Examples (written for Postgres but can be adapted to other databases; PRs welcome!):
    • Multiple databases using DATABASE_URL renaming and global type overrides: [Link]
    • Multi-tenant database using _sqlx_migrations renaming and multiple schemas: [Link]
    • Force use of chrono when time is enabled (e.g. when using tower-sessions-sqlx-store): [Link]
      • Forcing bigdecimal when rust_decimal is enabled is also shown, but problems with chrono/time are more common.
  • Breaking changes:
    • Significant changes to the Migrate trait
    • sqlx::migrate::resolve_blocking() is now #[doc(hidden)] and thus SemVer-exempt.
• [#​3486]: fix(logs): Correct spelling of aquired_after_secs tracing field [[@​iamjpotts]]
  • Breaking behavior change: implementations parsing tracing logs from SQLx will need to update the spelling.
• [#​3495]: feat(postgres): remove lifetime from PgAdvisoryLockGuard [[@​bonsairobo]]
• [#​3526]: Return &mut Self from the migrator set_ methods [[@​nipunn1313]]
  • Minor breaking change: Migrator::set_ignore_missing and set_locking now return &mut Self instead of &Self
    which may break code in rare circumstances.
• [#​3541]: Postgres: force generic plan for better nullability inference. [[@​joeydewaal]]
  • Breaking change: may alter the output of the query!() macros for certain queries in Postgres.
• [#​3613]: fix: RawSql lifetime issues [[@​abonander]]
  • Breaking change: adds DB type parameter to all methods of RawSql
• [#​3670]: Bump ipnetwork to v0.21.1 [[@​BeauGieskens]]
• [#​3674]: Implement Decode, Encode and Type for Box, Arc, Cow and Rc [[@​joeydewaal]]
  • Breaking change: impl Decode for Cow now always decodes Cow::Owned, lifetime is unlinked
  • See this discussion for motivation: #​3674 (comment)
• [#​3723]: Add SqlStr [[@​joeydewaal]]
  • Breaking change: all query*() functions now take impl SqlSafeStr
    which is only implemented for &'static str and AssertSqlSafe.
    For all others, wrap in AssertSqlSafe(<query>).
  • This, along with [#​3960], finally allows returning owned queries as the type will be Query<'static, DB>.
  • SqlSafeStr trait is deliberately similar to std::panic::UnwindSafe,
    serving as a speedbump to warn users about naïvely building queries with format!()
    while allowing a workaround for advanced usage that is easy to spot on code review.
• [#​3800]: Escape PostgreSQL Options [[@​V02460]]
  • Breaking behavior change: options passed to PgConnectOptions::options() are now automatically escaped.
    Manual escaping of options is no longer necessary and may cause incorrect behavior.
• [#​3821]: Groundwork for 0.9.0-alpha.1 [[@​abonander]]
  • Increased MSRV to 1.86 and set rust-version
  • Deleted deprecated combination runtime+TLS features (e.g. runtime-tokio-native-tls)
  • Deleted re-export of unstable TransactionManager trait in sqlx.
    • Not technically a breaking change because it's #[doc(hidden)],
      but it will break SeaORM if not proactively fixed.
• [#​3924]: breaking(mysql): assume all non-binary collations compatible with str [[@​abonander]]
  • Text (or text-like) columns which previously were inferred to be Vec<u8> will be inferred to be String
    (this should ultimately fix more code than it breaks).
  • SET NAMES utf8mb4 COLLATE utf8_general_ci is no longer sent by default; instead, SET NAMES utf8mb4 is sent to
    allow the server to select the appropriate default collation (since this is version- and configuration-dependent).
  • MySqlConnectOptions::charset() and ::collation() now imply ::set_names(true) because they don't do anything otherwise.
  • Setting charset doesn't change what's sent in the Protocol::HandshakeResponse41 packet as that normally only
    matters for error messages before SET NAMES is sent.
    The default collation if set_names = false is utf8mb4_general_ci.
  • See this comment for details.
  • Incidental breaking change: RawSql::fetch_optional() now returns sqlx::Result<Option<DB::Row>>
    instead of sqlx::Result<DB::Row>. Whoops.
• [#​3928]: breaking(sqlite): libsqlite3-sys versioning, feature flags, safety changes [[@​abonander]]
  • SemVer policy changes: libsqlite3-sys version is now specified using a range.
    The maximum of the range may now be increased in any backwards-compatible release.
    The minimum of the range may only be increased in major releases.
    If you have libsqlite3-sys in your dependencies, Cargo should choose a compatible version automatically.
    If otherwise unconstrained, Cargo should choose the latest version supported.
  • SQLite extension loading (including through the new sqlx-toml feature) is now unsafe.
  • Added new non-default features corresponding to conditionally compiled SQLite APIs:
    • sqlite-deserialize enabling SqliteConnection::serialize() and SqliteConnection::deserialize()
    • sqlite-load-extension enabling SqliteConnectOptions::extension() and ::extension_with_entrypoint()
    • sqlite-unlock-notify enables internal use of sqlite3_unlock_notify()
  • SqliteValue and SqliteValueRef changes:
    • The sqlite3_value* interface reserves the right to be stateful.
      Without protection, any call could theoretically invalidate values previously returned, leading to dangling pointers.
    • SqliteValue is now !Sync and SqliteValueRef is !Send to prevent data races from concurrent accesses.
      • Instead, clone or wrap the SqliteValue in Mutex, or convert the SqliteValueRef to an owned value.
    • SqliteValue and any derived SqliteValueRefs now internally track if that value has been used to decode a
      borrowed &[u8] or &str and errors if it's used to decode any other type.
    • This is not expected to affect the vast majority of usages, which should only decode a single type
      per SqliteValue/SqliteValueRef.
    • See new docs on SqliteValue for details.
• [#​3949]: Postgres: move PgLTree::from to From<Vec<PgLTreeLabel>> implementation [[@​JerryQ17]]
• [#​3957]: refactor(sqlite): do not borrow bound values, delete lifetime on SqliteArguments [[@​iamjpotts]]
• [#​3958]: refactor(any): Remove lifetime parameter from AnyArguments [[@​iamjpotts]]
• [#​3960]: refactor(core): Remove lifetime parameter from Arguments trait [[@​iamjpotts]]
• [#​3993]: Unescape PostgreSQL passfile password [[@​V02460]]
  • Previously, .pgpass file handling did not process backslash-escapes in the password part.
    Now it does, which may change what password is sent to the server.
• [#​4008]: make #[derive(sqlx::Type)] automatically generate impl PgHasArrayType by default for newtype structs [[@​papaj-na-wrotkach]]
  • Manual implementations of PgHasArrayType for newtypes will conflict with the generated one.
    Delete the manual impl or add #[sqlx(no_pg_array)] where conflicts occur.
• [#​4077]: breaking: make offline optional to allow building without serde [[@​CathalMullan]]
• [#​4094]: Bump bit-vec to v0.8 [[@​zennozenith]]
• [#​4142]: feat(mysql): add mysql-rsa feature for non-TLS RSA auth [[@​dertin]]
  • Connections requiring RSA password encryption now need to enable the mysql-rsa feature
    or an error will be generated at runtime. RSA encryption is only used for plaintext (non-TLS) connections.
• [#​4255]: breaking(any+mysql): correctly convert text and blob types to AnyTypeInfo [[@​abonander]]

Added

• [#​3641]: feat(Postgres): support nested domain types [[@​joeydewaal]]
• [#​3651]: Add PgBindIter for encoding and use it as the implementation encoding &[T] [[@​tylerhawkes]]
• [#​3675]: feat: implement Encode, Decode, Type for Arc<str> and Arc<[u8]> (and Rc equivalents) [[@​joeydewaal]]
• [#​3791]: Smol+async global executor 1.80 dev [[@​martin-kolarik]]
  • Adds runtime-smol and runtime-async-global-executor features to replace usages of the deprecated async-std crate.
• [#​3859]: Add more JsonRawValue encode/decode impls. [[@​Dirbaio]]
• [#​3881]: CLi: made cli-lib modules publicly available for other crates [[@​silvestrpredko]]
• [#​3889]: Compile-time support for external drivers [[@​bobozaur]]
• [#​3917]: feat(sqlx.toml): support SQLite extensions in macros and sqlx-cli [[@​djarb]]
• [#​3918]: Feature: Add exclusion violation error kind [[@​barskern]]
• [#​3971]: Allow single-field named structs to be transparent [[@​Xiretza]]
• [#​4015]: feat(sqlite): no_tx migration support [[@​AlexTMjugador]]
• [#​4020]: Add Migrator::with_migrations() constructor [[@​xb284524239]]
• [#​3846]: Add the possibility to skip migrations [[@​Dosenpfand]]
• [#​4107]: Add SQLite extension entrypoint config to sqlx.toml, update SQLite extension example [[@​supleed2]]
• [#​4118]: [postgres] Display line number in error message [[@​mousetail]]
• [#​4123]: feat: add Json::into_inner() [[@​chrxn1c]]
• [#​4153]: Add on unimplemented diagnostic to SqlStr [[@​joeydewaal]]
• [#​4167]: add sqlite serialize/deserialize example [[@​mattrighetti]]
• [#​4228]: sqlx-postgres: Make PgNotification struct clone [[@​michaelvanstraten]]

Changed

• [#​3525]: Remove unnecessary boxfutures [[@​joeydewaal]]
• [#​3867]: sqlx-postgres: Bump etcetera to 0.10.0 [[@​miniduikboot]]
• [#​3709]: chore: replace once_cell OnceCell/Lazy with std OnceLock/LazyLock [[@​paolobarbolini]]
• [#​3890]: feat: Unify Debug implementations across PgRow, MySqlRow and SqliteRow [[@​davidcornu]]
• [#​3911]: chore: upgrade async-io to v2.4.1 [[@​zebrapurring]]
• [#​3938]: Move QueryLogger back [[@​joeydewaal]]
• [#​3956]: chore(sqlite): Remove unused test of removed git2 feature [[@​iamjpotts]]
• [#​3962]: Give SQLX_OFFLINE_DIR from environment precedence in macros [[@​psionic-k]]
• [#​3968]: chore(ci): Add timeouts to ci jobs [[@​iamjpotts]]
• [#​4002]: sqlx-postgres(tests): cleanup 2 unit tests. [[@​joeydewaal]]
• [#​4022]: refactor: tweaks after #​3791 [[@​abonander]]
• [#​4257]: Prefer to give real data to .bind() in README.md [[@​sobolevn]]
• [#​4042]: Update to webpki-roots 1 [[@​tottoto]]
• [#​4072]: chore: update hashlink to v0.11.0 [[@​anmolitor]]
• [#​4143]: Bump whoami to v2 [[@​tisonkun]]
• [#​4161]: sqlx-sqlite: relax libsqlite3-sys constraint to allow 0.36.x [[@​darioAnongba]]
• [#​4173]: ci: check direct minimal versions [[@​ricochet]]
  • Note: reverted in 0.9.0 release but still listed for contributor credit. See end of PR thread for details.
• [#​4189]: Bump flume to 0.12.0 [[@​opoplawski]]
• [#​4223]: test(sqlite): add regression test for ORDER BY + LIMIT nullability (#​4147) [[@​barry3406]]
• [#​4230]: chore: Update to cargo_metadata 0.23 [[@​tottoto]]
• [#​4233]: Change reference to dotenvy [[@​graemer957]]
• [#​4235]: chore: Update to validator 0.20 [[@​tottoto]]
• [#​4253]: chore: update example to axum 0.8 [[@​tottoto]]
• Release PR:
  • Upgraded all Rust-Crypto crates, rand
  • Upgraded etcetera to 0.11.0
  • Increased max of libsqlite3-sys version range to <0.38.0

Fixed

• [#​3840]: Fix docs.rs build of sqlx-sqlite [[@​gferon]]
• [#​3848]: fix(macros): don't mutate environment variables [[@​joeydewaal]]
• [#​3856]: fix(macros): slightly improve unsupported type error message [[@​dyc3]]
• [#​3857]: fix(mysql): validate parameter count for prepared statements [[@​cvzx]]
• [#​3861]: Fix NoHostnameTlsVerifier for rustls 0.23.24 and above [[@​elichai]]
• [#​3863]: Use unnamed statement in pg when not persistent [[@​ThomWright]]
• [#​3874]: Further reduce dependency on futures and futures-util [[@​paolobarbolini]]
• [#​3886]: fix: use Executor::fetch in QueryAs::fetch [[@​bobozaur]]
• [#​3910]: feat(ok): add correct handling of ok packets in MYSQL implementation [[@​0xfourzerofour]]
• [#​3914]: fix: regenerate test certificates [[@​abonander]]
• [#​3915]: fix: spec_error is used by try_from derive [[@​saiintbrisson]]
• [#​3919]: fix[sqlx-postgres]: do a checked_mul to prevent panic'ing [[@​nhatcher-frequenz]]
• [#​3923]: sqlx-mysql: Fix bug in cleanup test db's. [[@​joeydewaal]]
• [#​3950]: chore: Fix warnings for custom postgres_## cfg flags [[@​iamjpotts]]
• [#​3952]: Pool.close: close all connections before returning [[@​jpmelos]]
• [#​3975]: fix documentation for rustls native root certificates [[@​2ndDerivative]]
• [#​3977]: refactor(ci): Use separate job for postgres ssl auth tests [[@​iamjpotts]]
• [#​3980]: Correctly ROLLBACK transaction when dropped during BEGIN. [[@​kevincox]]
• [#​3981]: SQLite: fix transaction level accounting with bad custom command. [[@​kevincox]]
• [#​3986]: chore(core): Fix docstring for Query::try_bind [[@​iamjpotts]]
• [#​3987]: chore(deps): Resolve deprecation warning for chrono Date and ymd methods [[@​iamjpotts]]
• [#​3988]: refactor(sqlite): Resolve duplicate test target warning for macros.rs [[@​iamjpotts]]
• [#​3989]: chore(deps): Set default-features=false on sqlx in workspace.dependencies [[@​iamjpotts]]
• [#​3991]: fix(sqlite): regression when decoding nulls [[@​abonander]]
• [#​4006]: PostgreSQL SASL – run SHA256 in a blocking executor [[@​ThomWright]]
• [#​4007]: fix(compose): use OS-assigned ports for all conatiners [[@​papaj-na-wrotkach]]
• [#​4009]: Drop cached db connections in macros upon hitting an error [[@​swlynch99]]
• [#​4024]: fix(sqlite) Migrate revert with no-transaction [[@​Dosenpfand]]
• [#​4027]: native tls handshake: build TlsConnector in blocking threadpool [[@​daviduebler]]
• [#​4053]: fix(macros): smarter .env loading, caching, and invalidation [[@​abonander]]
  • Additional credit to [[@​AlexTMjugador]] ([#​4018]) and [[@​Diggsey]] ([#​4039]) for their proposed solutions
    which served as a useful comparison.
• [#​4068]: Fix typo in migration example from 'uesrs' to 'users' [[@​squidpickles]]
• [#​4069]: fix some spelling issues [[@​joeydewaal]]
• [#​4086]: fix(mysql): Work around for Issue #​2206 (ColumnNotFound error when querying) [[@​duelafn]]
• [#​4088]: (Fix) Handle nullability of SQLite rowid alias columns [[@​Lege19]]
• [#​4100]: postgres: update pgpass path on windows [[@​joeydewaal]]
• [#​4134]: fix CI: replace removed macOS runner, deprecated use of Command::cargo_bin() [[@​abonander]]
• [#​4136]: Ensure Deterministic Migration Order [[@​aoengin]]
• [#​4158]: Fix panic in JSONB decoder on invalid version byte [[@​jrey8343]]
• [#​4165]: sqlx-postgres: fix correct operator precedence in byte length check [[@​cuiweixie]]
• [#​4171]: fix(postgres): remove home crate in favor of std::env::home_dir [[@​ricochet]]
• [#​4172]: fix(sqlx-cli): bump openssl minimum to 0.10.46 [[@​ricochet]]
• [#​4176]: fix(mysql): return error instead of panic on truncated OK packet [[@​cvzx]]
• [#​4199]: fix(postgres): make advisory lock cancel safe [[@​joeydewaal]]
• [#​4201]: Fix SCRAM password SASLprep [[@​var4yn]]
• [#​4202]: fix: replace from_utf8_unchecked with from_utf8_lossy in SqliteError [[@​joaquinhuigomez]]
• [#​4203]: fix: use sqlite3_value_text for REGEXP to match SQLite coercion [[@​joaquinhuigomez]]
• [#​4219]: sqlite: lossily coerce invalid UTF-8 in custom collation callback [[@​joaquinhuigomez]]
• [#​4221]: fix: replace from_utf8_unchecked with from_utf8 in SQLite column name handling [[@​barry3406]]
• [#​4226]: fix(postgres): use non-prepared statements for metadata queries [[@​abonander]]
• [#​4227]: fix(macros-core): update unstable proc_macro APIs for recent nightly [[@​barry3406]]
• [#​4234]: fix: Use correct path in error when failing to create tmp dir in prepare [[@​Miesvanderlippe]]
• [#​4245]: fix(mysql): repair caching_sha2_password fast-auth path [[@​altmannmarcelo]]
• [#​4251]: fix(tls): potential deadlock in StdSocket::poll_ready() [[@​abonander]]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `sqlx`.
    ... required by package `outlet-postgres v0.5.1 (/tmp/renovate/repos/github/doublewordai/outlet-postgres)`
versions that meet the requirements `^0.9` are: 0.9.0

package `outlet-postgres` depends on `sqlx` with feature `runtime-tokio-rustls` but `sqlx` does not have that feature.
 available features: _rt-async-global-executor, _rt-async-std, _rt-smol, _rt-tokio, _sqlite, _unstable-all-types, _unstable-docs, all-databases, any, bigdecimal, bit-vec, bstr, chrono, default, derive, ipnet, ipnetwork, json, mac_address, macros, migrate, mysql, mysql-rsa, postgres, regexp, runtime-async-global-executor, runtime-async-std, runtime-smol, runtime-tokio, rust_decimal, sqlite, sqlite-bundled, sqlite-deserialize, sqlite-load-extension, sqlite-preupdate-hook, sqlite-unbundled, sqlite-unlock-notify, sqlx-macros, sqlx-mysql, sqlx-postgres, sqlx-sqlite, sqlx-toml, time, tls-native-tls, tls-none, tls-rustls, tls-rustls-aws-lc-rs, tls-rustls-ring, tls-rustls-ring-native-roots, tls-rustls-ring-webpki, uuid


failed to select a version for `sqlx` which could resolve this conflict

[doubleword-code]

Summary

This PR updates the sqlx dependency from version 0.8 to 0.9, a major version upgrade released on May 6, 2026. The change is minimal (single line in Cargo.toml) but carries significant implications due to breaking changes in the sqlx ecosystem.

Verdict: Needs verification before approval - while the code changes are minimal, several breaking changes in sqlx 0.9 could affect this crate.

Research notes

Key findings from sqlx 0.9.0 CHANGELOG:

Breaking Changes Relevant to This Crate:

1. MSRV increased to Rust 1.94.0 (from 1.86) - may require toolchain update
2. Migrator trait changes (#3383) - significant changes to Migrate trait, affects migrator() function exported by this crate
3. Migrator::set_ignore_missing and set_locking return &mut Self instead of &Self (#3526)
4. Lifetime parameter removed from Arguments trait (#3960) - affects query building
5. All query*() functions now take impl SqlSafeStr (#3723) - only implemented for &'static str and AssertSqlSafe
6. PostgreSQL options escaping (#3800) - options passed to PgConnectOptions::options() are now automatically escaped
7. Removed deprecated runtime+TLS features (#3821) - e.g., runtime-tokio-native-tls
8. libsqlite3-sys versioning policy changed - uses semver range, max version may increase in minor releases

Non-Breaking but Notable:

• New sqlx.toml configuration file support (requires sqlx-toml feature)
• GitHub organization transfer pending (moving to transact-rs)
• Cargo.lock removed from tracking in sqlx repo

Code Impact Analysis

Safe Areas (No Breaking Changes Expected):

1. Basic query execution (sqlx::query(), .bind(), .execute()): The core usage pattern in src/lib.rs lines 478-498, 537-549, 617-637, 697-709 uses standard query API with &str literals which satisfy SqlSafeStr

2. Pool operations (PgPool::connect, PoolProvider): No breaking changes affecting pool creation or the PoolProvider trait from sqlx-pool-router

3. Type derives (Type, Encode, Decode): The crate doesn't use custom #[derive(sqlx::Type)] for newtype structs that would conflict with auto-generated PgHasArrayType

Potentially Affected Areas:

1. Migration system (src/lib.rs:129-132):

   pub fn migrator() -> sqlx::migrate::Migrator {
       sqlx::migrate!("./migrations")
   }

   The Migrate trait has significant changes (#3383). While sqlx::migrate!() macro should still work, the public API exposes Migrator which consumers might interact with differently.

2. QueryBuilder usage (src/repository.rs:69-239):
   Uses QueryBuilder<'_, sqlx::Postgres> with .push_bind(). The lifetime removal from Arguments trait (#3960) shouldn't affect this since it's using concrete types, but verification needed.

3. Test fixtures (#[sqlx::test] attributes throughout tests):
   The #[sqlx::test] macro behavior may have changed, particularly around database cleanup and test isolation.

Suggested next steps

1. Run full test suite: cargo test must pass with sqlx 0.9. Pay special attention to:

   • Migration-related tests
   • Tests using TestDbPools for read/write separation
   • QueryBuilder-based queries in repository tests

2. Verify MSRV compatibility: Ensure CI toolchain supports Rust 1.94.0+

3. Check dependent crates: If other crates in the outlet ecosystem depend on this, verify they compile against sqlx 0.9

4. Review migration docs: Check if any migration workflow changes are needed based on #3383

5. Update lockfile: Run cargo update to ensure Cargo.lock reflects compatible transitive dependencies

General findings

Non-blocking: The single-line version bump is appropriate for a dependency update PR. However, major version upgrades should ideally include:

• A note in the commit message about verified compatibility
• Mention of any required downstream changes (e.g., MSRV bump)
• Confirmation that all tests pass locally before merge

The PR description "fix(deps): update rust crate sqlx to 0.9" follows conventional commits but doesn't capture the scope of a major version upgrade. Consider amending to note any breaking changes or verification steps taken.