Skip to content

Bump the rust-deps group across 1 directory with 18 updates#81

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/backend/master/rust-deps-da196b799b
Open

Bump the rust-deps group across 1 directory with 18 updates#81
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/backend/master/rust-deps-da196b799b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the rust-deps group with 18 updates in the /backend directory:

Package From To
tower-http 0.6.11 0.7.0
serde_json 1.0.149 1.0.150
sqlx 0.8.6 0.9.0
rust_decimal 1.42.0 1.42.1
fastembed 5.13.4 5.17.2
candle-core 0.10.2 0.11.0
reqwest 0.13.3 0.13.4
rand 0.10.1 0.10.2
rand_chacha 0.3.1 0.9.0
uuid 1.23.1 1.23.4
chrono 0.4.44 0.4.45
quick-xml 0.40.1 0.41.0
tonic 0.12.3 0.14.6
tonic-build 0.12.3 0.14.6
prost 0.13.5 0.14.4
metrics-exporter-prometheus 0.16.2 0.18.3
anyhow 1.0.102 1.0.103
pdf-extract 0.10.0 0.12.0

Updates tower-http from 0.6.11 to 0.7.0

Release notes

Sourced from tower-http's releases.

tower-http-0.7.0

Changes since 0.6.11

Added

  • csrf: add cross-site request forgery (CSRF) protection middleware, porting the cross-origin protection scheme introduced in Go 1.25 (#699)

    use tower::ServiceBuilder;
    use tower_http::csrf::CsrfLayer;
    // Rejects cross-origin state-changing requests using Sec-Fetch-Site,
    // an Origin allow-list, and an Origin/Host fallback. No per-request
    // token state required.
    let layer = CsrfLayer::new().add_trusted_origin("https://example.com")?;
    let service = ServiceBuilder::new().layer(layer).service_fn(handler);

  • timeout: add DeadlineBody for non-resetting body timeouts, applied via the new RequestBodyDeadlineLayer and ResponseBodyDeadlineLayer (#688)

    Unlike TimeoutBody, which resets its deadline on every frame, DeadlineBody caps the total time of a body transfer. A slow client trickling one byte at a time never trips an idle timeout but will trip a deadline.

    use std::time::Duration;
    use tower::ServiceBuilder;
    use tower_http::timeout::RequestBodyDeadlineLayer;
    // Abort the request body transfer after 30s total, regardless of how
    // frequently data arrives.
    let service = ServiceBuilder::new()
    .layer(RequestBodyDeadlineLayer::new(Duration::from_secs(30)))
    .service_fn(handler);

  • fs: add strong ETag support to ServeDir, including If-Match and If-None-Match precondition handling per RFC 9110. 304 Not Modified responses now carry the ETag and Last-Modified validators (#691)

  • fs: add a Backend trait to make ServeDir work with non-filesystem sources (e.g. embedded assets or object storage). The default TokioBackend preserves existing behavior. Use ServeDir::with_backend() to plug in custom implementations (#684)

    use tower_http::services::fs::ServeDir;
    // MyBackend implements tower_http::services::fs::Backend.
    // The default ServeDir::new() continues to use TokioBackend (local FS).
    let service = ServeDir::with_backend("assets", MyBackend::new());

  • fs: add html_as_default_extension option to ServeDir, appending .html when the request path has no extension (#519)

  • fs: add redirect_path_prefix option to ServeDir, prepending a prefix on trailing-slash redirects so the service can be mounted under a sub-path (#486)

  • validate-request: add ValidateRequestHeaderLayer::has_header_value() to reject requests when a header does not have an expected value (#360)

  • body: UnsyncBoxBody::new() constructor and From<ServeFileSystemResponseBody> conversion to avoid double-boxing when combining ServeDir responses with other body types (#537)

  • limit: implement Default for limit::ResponseBody when the wrapped body also implements Default (#679)

Changed

... (truncated)

Commits
  • b194fcf v0.7.0
  • af828a6 feat(follow_redirect)!: preserve request extensions across redirects (#706)
  • 8cb8d99 feat(ValidateRequestHeaderLayer): add has_header("...").with_value("...") fun...
  • 3b56d2d feat!: Add configurable Backend trait for ServeDir, bump MSRV 1.65 (#684)
  • 8508716 Add redirect_path_prefix option (#486)
  • 56327b2 Add Windows drive-prefix path regression test (#705)
  • 54c6db8 feat(compression)!: upgrade SizeAbove threshold from u16 to u64 (#704)
  • 68cd6d8 Add DeadlineBody for non-resetting body timeouts (#688)
  • fa8a98c feat(fs): add strong ETag support to ServeDir (#691)
  • 36d2205 fix: Make SetMultiple*Header Clone for !Clone http bodies (#703)
  • Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

Commits
  • a1ae73a Release 1.0.150
  • 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
  • 2037b63 Reject non-string enum object keys
  • 5d30df6 Resolve manual_assert_eq pedantic clippy lint
  • dc8003a Raise required compiler for preserve_order feature to 1.85
  • a42fa98 Unpin CI miri toolchain
  • 684a60e Pin CI miri to nightly-2026-02-11
  • 7c7da33 Raise required compiler to Rust 1.71
  • acf4850 Simplify Number::is_f64
  • 6b8ceab Resolve unnecessary_map_or clippy lint
  • Additional commits viewable in compare view

Updates sqlx from 0.8.6 to 0.9.0

Changelog

Sourced from sqlx's changelog.

0.9.0 - 2026-05-06

Important Announcements

New Github Organization

Shortly after this release is published, the SQLx repository will be transferred to a new GitHub organization: https://github.com/transact-rs/

This is because SQLx has not been owned or maintained by LaunchBadge, LLC. for a few years now, and has since been informally transferred to the collective ownership of its principal authors. Moving the repository to a new organization makes this change more clear, and also allows for potentially inviting outside collaborators.

Cargo.lock Removed from Tracking

The Cargo.lock has been removed from tracking in Git. CI should now always test with the latest versions of all dependencies by default, alongside our pass that checks with cargo generate-lockfile -Z minimal-versions.

This should eliminate the need for any PRs that update dependencies to also update Cargo.lock or contend with an endless stream of merge conflicts against it.

N.B. cargo install --locked sqlx-cli will no longer work. However, cargo install sqlx-cli has always used the latest dependencies by default, ignoring the lockfile, so most users should not be affected. For users requiring reproducible builds, consider maintaining your own lockfile instead; historically, we only ran cargo update sporadically, so relying on SQLx's lockfile offered few guarantees anyway.

See [the manual page for cargo install][man-cargo-install] for details.

Breaking

As per our MSRV policy, the supported Rust version for this release cycle is 1.94.0.

  • [#3383]: feat: create sqlx.toml format [[@​abonander]]
    • SQLx and sqlx-cli now support per-crate configuration files (sqlx.toml)
    • New functionality includes, but is not limited to:
      • Rename DATABASE_URL for a crate (for multi-database workspaces)
      • Set global type overrides for the macros (supporting custom types)
      • Rename or relocate the _sqlx_migrations table (for multiple crates using the same database)
      • Set characters to ignore when hashing migrations (e.g. ignore whitespace)
    • More to be implemented in future releases.
    • Enable feature sqlx-toml to use.
      • sqlx-cli has it enabled by default, but sqlx does not.
      • Default features of library crates can be hard to completely turn off because of [feature unification], so it's better to keep the default feature set as limited as possible. [This is something we learned the hard way.][preferred-crates]
    • Guide: see sqlx::_config module in documentation.
    • Reference: [Link]
    • Examples (written for Postgres but can be adapted to other databases; PRs welcome!):
      • Multiple databases using DATABASE_URL renaming and global type overrides: [Link]
      • Multi-tenant database using _sqlx_migrations renaming and multiple schemas: [Link]
      • Force use of chrono when time is enabled (e.g. when using tower-sessions-sqlx-store): [[Link][preferred-crates]]
        • Forcing bigdecimal when rust_decimal is enabled is also shown, but problems with chrono/time are more common.

... (truncated)

Commits
  • 75bc048 Release 0.9.0 (#4256)
  • 6956cef Prefer to give real data to .bind() in README.md (#4257)
  • 45ba990 Add the possibility to skip migrations (#3846)
  • 66533fa Ensure Deterministic Migration Order (#4136)
  • db47fe3 ci: check direct minimal versions (#4173)
  • 9ecb76d Unescape PostgreSQL passfile password (#3993)
  • c0a3218 breaking(any+mysql): correctly convert text and blob types to AnyTypeInfo (...
  • d82b781 test(sqlite): add regression test for ORDER BY + LIMIT nullability (#4223)
  • b77ba16 chore: update to axum 0.8 (#4253)
  • c0ec9c0 fix(tls): potential deadlock in StdSocket::poll_ready() (#4251)
  • Additional commits viewable in compare view

Updates rust_decimal from 1.42.0 to 1.42.1

Release notes

Sourced from rust_decimal's releases.

1.42.1

What's Changed

Full Changelog: paupino/rust-decimal@1.42.0...1.42.1

Commits

Updates fastembed from 5.13.4 to 5.17.2

Release notes

Sourced from fastembed's releases.

v5.17.2

5.17.2 (2026-06-15)

🍕 Features

  • Add cosine_similarity, dot, top_k helpers (#263) (6fc2eb9).

🐛 Bug Fixes

🧹 Chores

  • Update safetensors requirement from 0.7.0 to 0.8.0 (#261) (d2c55c0).

📖 Documentation

🔁 Continuous Integration

  • Update GitHub Actions, bump to Node 24 runtimes (#262) (78c4a68).

v5.17.0

5.17.0 (2026-06-15)

🍕 Features

  • similarity: add cosine_similarity, dot, top_k helpers (#263) (6fc2eb9)

🔁 Continuous Integration

  • strip commas from clippy-features cache key, pin actions to SHAs, bump to Node 24 runtimes (#262) (78c4a68)

🧹 Chores

  • deps: update safetensors requirement from 0.7.0 to 0.8.0 (#261) (d2c55c0)

v5.16.2

5.16.2 (2026-06-14)

🐛 Bug Fixes

  • qwen3: clamp image max_pixels to tokenizer token budget (#260) (5340989)
  • nomic-v2-moe: resolve dtype mismatches for BF16/F16 inference (#259) (5dae66b)

📝 Documentation

  • Usage reconciliation at README.md and lib.rs docstrings (#258) (53bf4db)

... (truncated)

Commits
  • d0e8e9e chore(release): 5.17.2 [skip ci]
  • ee2465f fix(docs): replace removed doc_auto_cfg with doc_cfg (#265)
  • 5deec6c chore(release): 5.17.1 [skip ci]
  • 5cd990f docs: Re-order README.md sections (#264)
  • bceb1e9 chore(release): 5.17.0 [skip ci]
  • 6fc2eb9 feat(similarity): add cosine_similarity, dot, top_k helpers (#263)
  • 78c4a68 ci: strip commas from clippy-features cache key, pin actions to SHAs, bump to...
  • d2c55c0 chore(deps): update safetensors requirement from 0.7.0 to 0.8.0 (#261)
  • 3a9588a chore(release): 5.16.2 [skip ci]
  • 5340989 fix(qwen3): clamp image max_pixels to tokenizer token budget (#260)
  • Additional commits viewable in compare view

Updates candle-core from 0.10.2 to 0.11.0

Commits
  • 31f35b1 Bump candle version to 0.11.0 (#3658)
  • 9bcfd98 Add paged flash-attn kernels (#3655)
  • c63cb20 [CPU] Quantized perf improvements (#3643)
  • 5152ef6 Support embedding forward pass for ggml quants (#3644)
  • f53ed3b Parameter cache for CUDA kernel launch (#3598)
  • a9667ca Support cuda 13.3 (#3642)
  • 29a15c2 Remove flash attn specific rayon threadpool. Use device.with_context around e...
  • 0190c65 refactor: converge CPU flash attn kernels on shared primitives (#3513)
  • c4b0faf [CPU] Persistent barrier based threadpool and improved qgemm (#3627)
  • 7625889 [CPU] Add neon optimized path to BlockQ8K::from_float (#3629)
  • Additional commits viewable in compare view

Updates reqwest from 0.13.3 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

  • Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
  • Add ClientBuilder::http2_keep_alive_* options for the blocking client.
  • Add TLS 1.3 support when using native-tls backend.
  • Fix redirect handling to strip sensitive headers when the scheme changes.
  • Fix HTTP/3 happy-eyeball connection creation.
  • Upgrade hickory-resolver to 0.26.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

Changelog

Sourced from reqwest's changelog.

v0.13.4

  • Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
  • Add ClientBuilder::http2_keep_alive_* options for the blocking client.
  • Add TLS 1.3 support when using native-tls backend.
  • Fix redirect handling to strip sensitive headers when the scheme changes.
  • Fix HTTP/3 happy-eyeball connection creation.
  • Upgrade hickory-resolver to 0.26.
Commits
  • 11489b3 v0.13.4
  • d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
  • 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
  • fb7bf6a fix: remove unwrap in hickory initialization (#3041)
  • 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
  • c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
  • 9cbb65b chore: clean up minimal-versions CI job (#3039)
  • 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
  • 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
  • 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
  • Additional commits viewable in compare view

Updates rand from 0.10.1 to 0.10.2

Changelog

Sourced from rand's changelog.

[0.10.2] — 2026-07-02

Fixes

  • Fix possible memory safety violation due to deserialization of UniformChar from bad source (#1790)

Changes

  • Document required output order of fn partial_shuffle and apply #[must_use] (#1769)
  • Avoid usage of unsafe in contexts where non-local memory corruption could invalidate contract (#1791)

#1769: rust-random/rand#1769 #1790: rust-random/rand#1790 #1791: rust-random/rand#1791

Commits

Updates rand_chacha from 0.3.1 to 0.9.0

Release notes

Sourced from rand_chacha's releases.

0.9.0

Upgrade guide

See https://rust-random.github.io/book/update-0.9.html

Changelog

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)

API changes: rand_core traits

  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
  • Remove fn rand::random() from the prelude (#1506)
  • Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
  • Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
  • Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
  • Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
  • Annotate panicking methods with #[track_caller] (#1442, #1447)

API changes: RNGs

  • Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
  • Remove first parameter (rng) of ReseedingRng::new (#1533)

API changes: Sequences

  • Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
  • Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)

API changes: Distributions: renames

  • Rename module rand::distributions to rand::distr (#1470)
  • Rename distribution Standard to StandardUniform (#1526)

... (truncated)

Changelog

Sourced from rand_chacha's changelog.

[0.9.0] - 2025-01-27

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)

API changes: rand_core traits

  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
  • Remove fn rand::random() from the prelude (#1506)
  • Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
  • Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
  • Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
  • Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
  • Annotate panicking methods with #[track_caller] (#1442, #1447)

API changes: RNGs

  • Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
  • Remove first parameter (rng) of ReseedingRng::new (#1533)

API changes: Sequences

  • Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
  • Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)

API changes: Distributions: renames

  • Rename module rand::distributions to rand::distr (#1470)
  • Rename distribution Standard to StandardUniform (#1526)
  • Move distr::Slice -> distr::slice::Choose, distr::EmptySlice -> distr::slice::Empty (#1548)
  • Rename trait distr::DistString -> distr::SampleString (#1548)
  • Rename distr::DistIter -> distr::Iter, distr::DistMap -> distr::Map (#1548)

... (truncated)

Commits

Updates uuid from 1.23.1 to 1.23.4

Release notes

Sourced from uuid's releases.

v1.23.4

What's Changed

New Contributors

Full Changelog: uuid-rs/uuid@v1.23.3...v1.23.4

v1.23.3

What's Changed

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3

v1.23.2

What's Changed

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

Commits
  • 3296d64 Merge pull request #890 from uuid-rs/cargo/v1.23.4
  • cba53d0 prepare for 1.23.4 release
  • e347af4 Merge pull request #889 from frostyplanet/main
  • e9bf55c doc: Fix broken link warnings
  • 5351af4 doc: Enable feature flag label for docs.rs
  • 1e6a966 Merge pull request #888 from uuid-rs/KodrAus-patch-1
  • c9619f6 fix up name of fuzz script in readme
  • 20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
  • 62232ca prepare for 1.23.3 release
  • 2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
  • Additional commits viewable in compare view

Updates chrono from 0.4.44 to 0.4.45

Release notes

Sourced from chrono's releases.

0.4.45

What's Changed

Commits
  • 1703382 Prepare 0.4.45 release
  • 881f9ab tz_data: fix tzdata locations on Android
  • f14ead4 fix(tz): reject TZ offset hour of 24 to avoid FixedOffset overflow
  • c6063e6 Update similar-asserts requirement from 1.6.1 to 2.0.0
  • 120686c Bump codecov/codecov-action from 5 to 6
  • See full diff in compare view

Updates quick-xml from 0.40.1 to 0.41.0

Release notes

Sourced from quick-xml's releases.

v0.41.0 - Secuirity fixes

What's Changed

New Features

  • #970: Add NsReader::resolver_mut() and NamespaceResolver::{max...

    Description has been truncated

Bumps the rust-deps group with 18 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.11` | `0.7.0` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.149` | `1.0.150` |
| [sqlx](https://github.com/launchbadge/sqlx) | `0.8.6` | `0.9.0` |
| [rust_decimal](https://github.com/paupino/rust-decimal) | `1.42.0` | `1.42.1` |
| [fastembed](https://github.com/Anush008/fastembed-rs) | `5.13.4` | `5.17.2` |
| [candle-core](https://github.com/huggingface/candle) | `0.10.2` | `0.11.0` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.13.3` | `0.13.4` |
| [rand](https://github.com/rust-random/rand) | `0.10.1` | `0.10.2` |
| [rand_chacha](https://github.com/rust-random/rand) | `0.3.1` | `0.9.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.1` | `1.23.4` |
| [chrono](https://github.com/chronotope/chrono) | `0.4.44` | `0.4.45` |
| [quick-xml](https://github.com/tafia/quick-xml) | `0.40.1` | `0.41.0` |
| [tonic](https://github.com/hyperium/tonic) | `0.12.3` | `0.14.6` |
| [tonic-build](https://github.com/hyperium/tonic) | `0.12.3` | `0.14.6` |
| [prost](https://github.com/tokio-rs/prost) | `0.13.5` | `0.14.4` |
| [metrics-exporter-prometheus](https://github.com/metrics-rs/metrics) | `0.16.2` | `0.18.3` |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.102` | `1.0.103` |
| [pdf-extract](https://github.com/jrmuizel/pdf-extract) | `0.10.0` | `0.12.0` |



Updates `tower-http` from 0.6.11 to 0.7.0
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.6.11...tower-http-0.7.0)

Updates `serde_json` from 1.0.149 to 1.0.150
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.149...v1.0.150)

Updates `sqlx` from 0.8.6 to 0.9.0
- [Changelog](https://github.com/transact-rs/sqlx/blob/main/CHANGELOG.md)
- [Commits](transact-rs/sqlx@v0.8.6...v0.9.0)

Updates `rust_decimal` from 1.42.0 to 1.42.1
- [Release notes](https://github.com/paupino/rust-decimal/releases)
- [Changelog](https://github.com/paupino/rust-decimal/blob/master/CHANGELOG.md)
- [Commits](paupino/rust-decimal@1.42.0...1.42.1)

Updates `fastembed` from 5.13.4 to 5.17.2
- [Release notes](https://github.com/Anush008/fastembed-rs/releases)
- [Commits](Anush008/fastembed-rs@v5.13.4...v5.17.2)

Updates `candle-core` from 0.10.2 to 0.11.0
- [Changelog](https://github.com/huggingface/candle/blob/main/CHANGELOG.md)
- [Commits](huggingface/candle@0.10.2...0.11.0)

Updates `reqwest` from 0.13.3 to 0.13.4
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.3...v0.13.4)

Updates `rand` from 0.10.1 to 0.10.2
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.10.1...0.10.2)

Updates `rand_chacha` from 0.3.1 to 0.9.0
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@rand_chacha-0.3.1...0.9.0)

Updates `uuid` from 1.23.1 to 1.23.4
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.23.1...v1.23.4)

Updates `chrono` from 0.4.44 to 0.4.45
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.44...v0.4.45)

Updates `quick-xml` from 0.40.1 to 0.41.0
- [Release notes](https://github.com/tafia/quick-xml/releases)
- [Changelog](https://github.com/tafia/quick-xml/blob/master/Changelog.md)
- [Commits](tafia/quick-xml@v0.40.1...v0.41.0)

Updates `tonic` from 0.12.3 to 0.14.6
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/grpc/grpc-rust/blob/master/CHANGELOG.md)
- [Commits](grpc/grpc-rust@v0.12.3...tonic-v0.14.6)

Updates `tonic-build` from 0.12.3 to 0.14.6
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/grpc/grpc-rust/blob/master/CHANGELOG.md)
- [Commits](grpc/grpc-rust@v0.12.3...tonic-build-v0.14.6)

Updates `prost` from 0.13.5 to 0.14.4
- [Release notes](https://github.com/tokio-rs/prost/releases)
- [Changelog](https://github.com/tokio-rs/prost/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/prost@v0.13.5...v0.14.4)

Updates `metrics-exporter-prometheus` from 0.16.2 to 0.18.3
- [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml)
- [Commits](metrics-rs/metrics@metrics-exporter-prometheus-v0.16.2...metrics-exporter-prometheus-v0.18.3)

Updates `anyhow` from 1.0.102 to 1.0.103
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.102...1.0.103)

Updates `pdf-extract` from 0.10.0 to 0.12.0
- [Commits](jrmuizel/pdf-extract@v0.10.0...v0.12.0)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: serde_json
  dependency-version: 1.0.150
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: sqlx
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: rust_decimal
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: fastembed
  dependency-version: 5.17.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: candle-core
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: reqwest
  dependency-version: 0.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: rand
  dependency-version: 0.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: rand_chacha
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: uuid
  dependency-version: 1.23.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: chrono
  dependency-version: 0.4.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: quick-xml
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: tonic
  dependency-version: 0.14.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: tonic-build
  dependency-version: 0.14.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: prost
  dependency-version: 0.14.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: metrics-exporter-prometheus
  dependency-version: 0.18.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
- dependency-name: anyhow
  dependency-version: 1.0.103
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-deps
- dependency-name: pdf-extract
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants