chore(deps): bump diesel from 2.3.6 to 2.3.8

[dependabot]

Bumps diesel from 2.3.6 to 2.3.8.

Changelog

Sourced from diesel's changelog.

[2.3.8] 2026-04-24

• Added support for libsqlite3-sys 0.37.0
• Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
• Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
• Added documentation for migration transaction behaviour at the crate root
• Improved compile time error messages for #[derive(AsChangeset)]
• Allow to use generic types in infix_operator!()
• Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
  • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
  • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
  • Potential memory leaks in SqliteConnection::register_function
  • Access to padding bytes while serializing Date/time types in the Mysql backend
  • SQL Option Injection in PostgreSQL COPY FROM/TO
  • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
  • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
  • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

[2.3.7] 2026-03-13

• Add support for libsqlite3-sys 0.36
• Fix a potential resource leak if establishing a SqliteConnection fails.

Commits

• 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
• 895b5ba Prepare a 2.3.8 release
• ea008d3 Fix several UB instances
• 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
• 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
• d4a0495 Merge pull request #5035 from weiznich/bump/rust_1.95
• 5e0289e Merge pull request #5027 from barry3406/fix/infix-operator-generic-types
• 367c7f5 Merge pull request #5017 from ThunderComplex/feature/ignore_empty_dir_in_migr...
• 305cc7a Merge pull request #5011 from ayarotsky/docs-transaction-behavior
• 6797867 Merge pull request #5009 from XiaoPengMei/docs/clarify-insertable-serialize-a...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.