Closed
Description
Bug Description
Adding the chrono feature, makes sqlx depend on mysql (in fact, it also sqlite and postgres) inside the Cargo.lock file.
Note: cargo tree does not show the mysql dependency.
Minimal Reproduction
cargo new sqlx-mysql-bug- modify
Cargo.toml
[package]
name = "sqlx-mysql-bug"
version = "0.1.0"
edition = "2021"
resolver = "2"
[dependencies]
sqlx = { version = "0.8.2", default-features = false, features = [
"chrono",
"postgres", #optional
] }cargo checkcat Cargo.lock
Info
- SQLx version:
0.8.2 - SQLx features enabled: 'chrono', 'postgres'
- Database server and version: no database connection necessary
- Operating system: 'Linux pc 6.10.10-arch1-1 Add support for pluggable auth to MySQL #1 SMP PREEMPT_DYNAMIC Thu, 12 Sep 2024 17:21:02 +0000 x86_64 GNU/Linux'
rustc --version: rustc 1.81.0 (eeb90cda1 2024-09-04)
Additional Info
Why is this important? Adding sqlx-mysql add https://rustsec.org/advisories/RUSTSEC-2023-0071.html to my project with makes CI go Brrrr.
I am no expert on the Cargo.toml, i am wondering why sqlx-mysql doesnt get compiled while running cargo check, nor does it appear in the cargo tree. However it gets added to Cargo.lock. maybe its an issue with rust itself, or just cargo audit. Though its kinda interesting that it only appears to trigger for the chrono crate.