fix(deps): upgrade diesel to 2.3.8 for RUSTSEC-2026-0111 #7790

Merged
SWvheerden merged 1 commit into tari-project:development from samrusani:fix/rustsec-2026-0111-diesel
Apr 29, 2026

Conversation

samrusani (Contributor) commented Apr 27, 2026

Description

Upgrade Diesel dependencies from 2.2.10 to 2.3.8 across Tari crates that use the SQLite backend, and refresh diesel_migrations to 2.3.

This addresses the RUSTSEC-2026-0111 advisory (possible UTF-8 corruption unsoundness in Diesel's SQLite backend).

Motivation and Context

Issue #7787 reports that the workspace lockfile includes vulnerable diesel 2.2.10.

This patch keeps the scope limited to dependency updates in crates that directly depend on Diesel:

  • common_sqlite
  • comms/core
  • comms/dht
  • base_layer/wallet
  • base_layer/transaction_key_manager

How Has This Been Tested?

  • cargo check --locked --ignore-rust-version -p tari_common_sqlite -p tari_comms -p tari_comms_dht -p tari_transaction_key_manager -p minotari_wallet

Note: local toolchain in this environment is rustc 1.92.0 while workspace requires 1.93.0; therefore --ignore-rust-version was used for local verification.

What process can a PR reviewer use to test or verify this change?

  1. Confirm Cargo.toml Diesel version bumps in the five crates above.
  2. Confirm Cargo.lock no longer contains diesel 2.2.10.
  3. Run:
    cargo check --locked -p tari_common_sqlite -p tari_comms -p tari_comms_dht -p tari_transaction_key_manager -p minotari_wallet

Breaking Changes

  • None
  • Requires data directory on base node to be deleted
  • Requires hard fork
  • Other - Please specify

Closes #7787.
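The reviewer steps above (confirm the Cargo.lock pin, then run cargo check) can be scripted so the lockfile check is not done by eye. The following is an added example, not code from this PR or from the Tari project: a POSIX shell script that lists every version of a named crate recorded in a Cargo.lock and fails if any diesel entry is older than the version the PR upgrades to (2.3.8). The function names lock_versions, version_lt and check_diesel are this example's own, the two lockfiles it checks are constructed samples embedded inline, and treating "older than 2.3.8" as vulnerable is an assumption for illustration rather than the advisory's exact affected range.

```shell
#!/bin/sh
# Added example, not part of the PR or the Tari project. Checks a Cargo.lock
# for diesel entries older than the version the PR upgrades to (2.3.8).
# Assumption: "older than 2.3.8" is treated as vulnerable for illustration;
# the RUSTSEC advisory (via cargo audit) is authoritative for the real range.

# Print every version of crate $2 recorded in the Cargo.lock at $1, one per
# line. A lockfile may legitimately carry two versions of one crate.
lock_versions() {
    awk -v want="$2" '
        /^\[\[package\]\]/ { name = "" }
        /^name = /    { gsub(/"/, "", $3); name = $3 }
        /^version = / { gsub(/"/, "", $3); if (name == want) print $3 }
    ' "$1"
}

# Return 0 when dotted version $1 is strictly older than $2, 1 otherwise.
# Pre-release suffixes (e.g. 2.3.0-rc1) compare as 0, which is enough for
# release pins like the ones in this PR.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Return 0 if no diesel entry in lockfile $1 is older than $2 (default 2.3.8);
# otherwise print each offending pin and return 1.
check_diesel() {
    lock="$1"; fixed="${2:-2.3.8}"; bad=0
    for v in $(lock_versions "$lock" diesel); do
        if version_lt "$v" "$fixed"; then
            echo "FAIL: $lock pins diesel $v (< $fixed)"
            bad=1
        else
            echo "ok:   $lock pins diesel $v"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample lockfiles shaped like Cargo.lock v3 entries; these are
# not the project's real lockfile.
tmp=$(mktemp -d)
cat > "$tmp/before.lock" <<'EOF'
version = 3

[[package]]
name = "diesel"
version = "2.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "diesel_migrations"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
EOF
cat > "$tmp/after.lock" <<'EOF'
version = 3

[[package]]
name = "diesel"
version = "2.3.8"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "diesel_migrations"
version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
EOF

# Demonstration: the pre-PR lockfile fails, the post-PR one passes.
check_diesel "$tmp/before.lock" || echo "(before: vulnerable pin detected, as expected)"
check_diesel "$tmp/after.lock" && echo "(after: clean)"
```

In a real review, point check_diesel at the workspace Cargo.lock after checking out the branch, then run `cargo check --locked` as the PR describes; `cargo audit` (the RustSec project's own checker) should still be run for the authoritative affected-range comparison, since this script only catches the specific pin named in the PR.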

@github-actions

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing
Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing
Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.


@gemini-code-assist (bot) left a comment

Code Review

This pull request updates the diesel dependency from version 2.2.10 to 2.3.8 and diesel_migrations to version 2.3 across several crates, including transaction_key_manager, wallet, common_sqlite, comms/core, and comms/dht. The Cargo.lock file reflects these updates along with corresponding changes to related crates like wasm-bindgen and the addition of new transitive dependencies. I have no feedback to provide.

samrusani force-pushed the fix/rustsec-2026-0111-diesel branch 3 times, most recently from 182f379 to a111c40 on April 27, 2026 22:26
Upgrade Diesel from 2.2.10 to 2.3.8 across wallet/comms/sqlite crates and refresh diesel_migrations to 2.3.x to address RUSTSEC-2026-0111.

Closes tari-project#7787.
samrusani force-pushed the fix/rustsec-2026-0111-diesel branch from a111c40 to e75e1bd on April 28, 2026 06:08
samrusani (Contributor, Author) commented Apr 28, 2026

Pushed an updated commit signed via SSH (new head: e75e1bd).

CI is showing “action_required” with 0 jobs, so I suspect it’s just waiting for maintainer approval to run workflows on this PR/fork.

SWvheerden merged commit 725ddf2 into tari-project:development on Apr 29, 2026
15 of 17 checks passed

Linked issues (may be closed by merging this pull request):

RUSTSEC-2026-0111: Possible UTF-8 corruption in Diesels SQLite backend