deps(rust): bump the rust-dependencies group with 11 updates

[dependabot]

Updates the requirements on pyo3, bincode, tantivy, reqwest, thiserror, dashmap, dirs, tokenizers, ndarray, lz4_flex and criterion to permit the latest version.
Updates pyo3 to 0.27.2

Release notes

Sourced from pyo3's releases.

PyO3 0.27.2

This patch contains very minor fixes for the PyO3 0.27 series:

• Workaround a rustc 1.92+ crash compiling PyO3 with both debug assertions and optimizations enabled.
• Fix runtime crash when subclassing dicts on PyPy and GraalPy.

There are also a number of documentation improvements applied across the codebase.

Thank you to the following contributors for the improvements:

@​davidhewitt @​dependabot[bot] @​MusicalNinjaDad @​pkalivas @​tpoliaw @​Tpt

Changelog

Sourced from pyo3's changelog.

[0.27.2] - 2025-11-30

Changed

• Disable subclassing PyDict on GraalPy (unsupported for now, may crash at runtime). #5653

Fixed

• Fix crash when compiling on Rust 1.92+ with both debug assertions and optimizations enabled. #5638
• Fix FFI definition of PyDictObject on PyPy. #5653

[0.27.1] - 2025-10-21

Fixed

• Fix clippy:declare_interior_mutable_const warning from #[pyfunction]. #5538
• Expose pyo3::types::PySendResult in public API. #5539

[0.27.0] - 2025-10-19

Packaging

• Extend range of supported versions of hashbrown optional dependency to include version 0.16. #5428
• Bump optional num-bigint dependency minimum version to 0.4.4. #5471
• Test against Python 3.14 final release. #5499
• Drop support for PyPy 3.9 and 3.10. #5516
• Provide a better error message when building an outdated PyO3 for a too-new Python version. #5519

Added

• Add FromPyObjectOwned as convenient trait bound for FromPyObject when the data is not borrowed from Python. #4390
• Add Borrowed::extract, same as PyAnyMethods::extract, but does not restrict the lifetime by deref. #4390
• experimental-inspect: basic support for #[derive(IntoPyObject)] (no struct fields support yet). #5365
• experimental-inspect: support #[pyo3(get, set)] and #[pyclass(get_all, set_all)]. #5370
• Add PyTypeCheck::classinfo_object that returns an object that can be used as parameter in isinstance or issubclass. #5387
• Implement PyTypeInfo on datetime.* types even when the limited API is enabled. #5388
• Implement PyTypeInfo on PyIterator, PyMapping and PySequence. #5402
• Implement PyTypeInfo on PyCode when using the stable ABI. #5403
• Implement PyTypeInfo on PyWeakrefReference when using the stable ABI. #5404
• Add pyo3::sync::RwLockExt trait, analogous to pyo3::sync::MutexExt for readwrite locks. #5435
• Add PyString::from_bytes. #5437
• Implement AsRef<[u8]> for PyBytes. #5445
• Add CastError and CastIntoError. #5468
• Add PyCapsuleMethods::pointer_checked and PyCapsuleMethods::is_valid_checked. #5474
• Add Borrowed::cast, Borrowed::cast_exact and Borrowed::cast_unchecked. #5475
• Add conversions for jiff::civil::ISOWeekDate. #5478
• Add conversions for &Cstr, Cstring and Cow<Cstr>. #5482
• add #[pyclass(skip_from_py_object)] option, to opt-out of the FromPyObject: PyClass + Clone blanket impl. #5488
• Add PyErr::add_note. #5489
• Add FromPyObject impl for Cow<Path> & Cow<OsStr>. #5497

... (truncated)

Commits

• 117102d release: 0.27.2
• 2b1d6c5 fix FFI definition of PyDictObject on PyPy (#5653)
• 032d4d3 ci: add lychee cache (#5616)
• b4f78c0 fix rumdl formatting
• 0497d48 ci: remove old netlify build files (#5631)
• f3d6e05 Avoid introducing generic parameter with implied bounds from an associated ty...
• c8e6597 ci: pin mdbook to 0.4 for now, properly install mdbook-tabs (#5632)
• 30cca7e build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#5629)
• bb7bb94 Update PyIterator::send docs to match behaviour (#5593)
• 1acadc5 Add radiate to README examples section (#5561)
• Additional commits viewable in compare view

Updates bincode to 3.0.0

Commits

• See full diff in compare view

Updates tantivy to 0.25.0

Release notes

Sourced from tantivy's releases.

Tantivy v0.25

What's Changed

• update edition to 2024 by @​PSeitz in quickwit-oss/tantivy#2620
• make zstd optional in sstable by @​Parth in quickwit-oss/tantivy#2633
• release tantivy: bump versions by @​PSeitz in quickwit-oss/tantivy#2625
• Fix a typo for the comments of search_with_executor() by @​xingtanzjr in quickwit-oss/tantivy#2653
• Add string fast field support to TopDocs. by @​stuhood in quickwit-oss/tantivy#2642
• update CHANGELOG by @​PSeitz in quickwit-oss/tantivy#2621
• fix import in test by @​PSeitz-dd in quickwit-oss/tantivy#2657
• add docs/example and Vec values to sstable by @​PSeitz in quickwit-oss/tantivy#2660
• fix union performance regression in tantivy 0.24 by @​PSeitz-dd in quickwit-oss/tantivy#2663
• clippy by @​PSeitz in quickwit-oss/tantivy#2661
• chore: Update ParadeDB logo by @​philippemnoel in quickwit-oss/tantivy#2669
• docs: fix a typo in basic example by @​DaleSeo in quickwit-oss/tantivy#2668
• update CHANGELOG by @​Parth in quickwit-oss/tantivy#2670
• Fixed typo in documentation by @​MassimilianoBaglioni in quickwit-oss/tantivy#2629
• #2635 Update fs4 to latest (0.13.1) by @​1Cor125 in quickwit-oss/tantivy#2654
• Fix TopNComputer for reverse order by @​PSeitz in quickwit-oss/tantivy#2672
• ignore failure to parse query when other default field suceeded by @​trinity-1686a in quickwit-oss/tantivy#2676
• fix field_names in top_hits aggregation by @​PSeitz-dd in quickwit-oss/tantivy#2675
• Fix TopDocs::order_by_string_fast_field for duplicates by @​stuhood in quickwit-oss/tantivy#2673
• feat: Support spaces between field name and value by @​Darkheir in quickwit-oss/tantivy#2678
• test stable ordering with pagination by @​PSeitz-dd in quickwit-oss/tantivy#2683
• per field size details by @​fulmicoton in quickwit-oss/tantivy#2679
• convert benches to binggan by @​PSeitz-dd in quickwit-oss/tantivy#2684
• prepare release: update Changelog by @​PSeitz-dd in quickwit-oss/tantivy#2685

New Contributors

• @​Parth made their first contribution in quickwit-oss/tantivy#2633
• @​xingtanzjr made their first contribution in quickwit-oss/tantivy#2653
• @​stuhood made their first contribution in quickwit-oss/tantivy#2642
• @​PSeitz-dd made their first contribution in quickwit-oss/tantivy#2657
• @​DaleSeo made their first contribution in quickwit-oss/tantivy#2668
• @​MassimilianoBaglioni made their first contribution in quickwit-oss/tantivy#2629
• @​1Cor125 made their first contribution in quickwit-oss/tantivy#2654
• @​Darkheir made their first contribution in quickwit-oss/tantivy#2678

Full Changelog: quickwit-oss/tantivy@0.24...0.25.0

Changelog

Sourced from tantivy's changelog.

Tantivy 0.25

Bugfixes

• fix union performance regression in tantivy 0.24 #2663(@​PSeitz)
• make zstd optional in sstable #2633(@​Parth)
• Fix TopDocs::order_by_string_fast_field for asc order #2672(@​stuhood @​PSeitz)

Features/Improvements

• add docs/example and Vec values to sstable #2660(@​PSeitz)
• Add string fast field support to TopDocs. #2642(@​stuhood)
• update edition to 2024 #2620(@​PSeitz)
• Allow optional spaces between the field name and the value in the query parser #2678(@​Darkheir)
• Support mixed field types in query parser #2676(@​trinity-1686a)
• Add per-field size details #2679(@​fulmicoton)

Tantivy 0.24.2

• Fix TopNComputer for reverse order. #2672(@​stuhood @​PSeitz)

Affected queries are order_by_fast_field and order_by_u64_field for Order::Asc

Tantivy 0.24.1

• Fix: bump required rust version to 1.81

Tantivy 0.24

Tantivy 0.24 will be backwards compatible with indices created with v0.22 and v0.21. The new minimum rust version will be 1.75. Tantivy 0.23 will be skipped.

Bugfixes

• fix potential endless loop in merge #2457(@​PSeitz)
• fix bug that causes out-of-order sstable key. #2445(@​fulmicoton)
• fix ReferenceValue API flaw #2372(@​PSeitz)
• fix OwnedBytes debug panic #2512(@​b41sh)
• catch panics during merges #2582(@​rdettai)
• switch from u32 to usize in bitpacker. This enables multivalued columns larger than 4GB, which crashed during merge before. #2581 #2586(@​fulmicoton-dd @​PSeitz)

Breaking API Changes

• remove index sorting #2434(@​PSeitz)

Features/Improvements

• Aggregation
  • Support for cardinality aggregation #2337 #2446 (@​raphaelcoeffic @​PSeitz)
  • Support for extended stats aggregation #2247(@​giovannicuccu)
  • Add Key::I64 and Key::U64 variants in aggregation to avoid f64 precision issues #2468(@​PSeitz)
  • Faster term aggregation fetch terms #2447(@​PSeitz)
  • Improve custom order deserialization #2451(@​PSeitz)

... (truncated)

Commits

• b4139bc chore: Release
• 8676a1f prepare release: update Changelog (#2685)
• 021ff2a move bench to binggan (#2684)
• 39e0276 per field size details (#2679)
• a1d65c3 test stable ordering with pagination (#2683)
• 2e4615c Merge pull request #2678 from Darkheir/feat/query_grammar_space_between_field...
• 610091e feat: Applies PR review suggestion
• c301e7b Merge pull request #2673 from paradedb/stuhood.fix-order-by-dup-string
• d9eb093 Attempt to clarify sorted_ords_to_term_cb.
• d4b0901 feat: Support spaces between field name and value
• Additional commits viewable in compare view

Updates reqwest to 0.13.1

Release notes

Sourced from reqwest's releases.

v0.13.1

What's Changed

• http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @​djc in seanmonstar/reqwest#2917
• fix rustls on android by @​seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

Changelog

Sourced from reqwest's changelog.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

• Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.

... (truncated)

Commits

• 10fb98c v0.13.1
• 438098a chore: refer to h2 as dep:h2 (#2919)
• 43aac91 chore(ci): bump actions/checkout from 5 to 6 (#2864)
• 175f5b2 fix rustls on android (#2918)
• 1afe88e Depend on quinn/rustls-aws-lc-rs to avoid ring dependency (#2917)
• 62a80af v0.13.0
• e8d89f4 enable ALPN by default in native-tls (#2907)
• 9a9daa7 v0.13.0-rc.1
• d518e45 rustls: allow windows to use extra roots (#2904)
• 934bc84 chore: separate rustls and rustls-no-provider features (#2903)
• Additional commits viewable in compare view

Updates thiserror to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• Additional commits viewable in compare view

Updates dashmap to 6.1.0

Release notes

Sourced from dashmap's releases.

v6.1.0

• xacrimon/dashmap#308

Commits

• f2d248e v6.1.0
• da6ac5e Add typesize::TypeSize implementation for DashMap/DashSet (#308)
• 633aadb v6.0.1
• d5c8be6 add shrink_to_fit test
• 488dbfa fix deadlock in shrink_to_fit (#305)
• 458238c v6.0.0
• 1e3df1a v6.0.0-rc.1
• bdb86b0 Merge branch 'arthurprs-small-optimizations'
• 4cdfc39 fix: merge errors
• 74b34f8 Merge branch 'small-optimizations' of github.com:arthurprs/dashmap into arthu...
• Additional commits viewable in compare view

Updates dirs to 6.0.0

Commits

• See full diff in compare view

Updates tokenizers to 0.22.2

Release notes

Sourced from tokenizers's releases.

Release v0.22.2

What's Changed

Okay mostly doing the release for these PR:

• Update deserialize of added tokens by @​ArthurZucker in huggingface/tokenizers#1891
• update stub for typing by @​ArthurZucker in huggingface/tokenizers#1896
• bump PyO3 to 0.26 by @​davidhewitt in huggingface/tokenizers#1901

Basically good typing with at least ty, and a lot fast (from 4 to 8x faster) loading vocab with a lot of added tokens and GIL free !?

• ci: add support for building Win-ARM64 wheels by @​MugundanMCW in huggingface/tokenizers#1869

• Add cargo-semver-checks to Rust CI workflow by @​haixuanTao in huggingface/tokenizers#1875

• Update indicatif dependency by @​gordonmessmer in huggingface/tokenizers#1867

• Bump node-forge from 1.3.1 to 1.3.2 in /tokenizers/examples/unstable_wasm/www by @​dependabot[bot] in huggingface/tokenizers#1889

• Bump js-yaml from 3.14.1 to 3.14.2 in /bindings/node by @​dependabot[bot] in huggingface/tokenizers#1892

• fix: used normalize_str in BaseTokenizer.normalize by @​ishitab02 in huggingface/tokenizers#1884

• [MINOR:TYPO] Update mod.rs by @​cakiki in huggingface/tokenizers#1883

• Remove runtime stderr warning from Python bindings by @​Copilot in huggingface/tokenizers#1898

• Mark immutable pyclasses as frozen by @​ngoldbaum in huggingface/tokenizers#1861

• DOCS: add add_prefix_space to processors.ByteLevel by @​CloseChoice in huggingface/tokenizers#1878

• Bump express from 4.21.2 to 4.22.1 in /tokenizers/examples/unstable_wasm/www by @​dependabot[bot] in huggingface/tokenizers#1903

New Contributors

• @​MugundanMCW made their first contribution in huggingface/tokenizers#1869
• @​haixuanTao made their first contribution in huggingface/tokenizers#1875
• @​gordonmessmer made their first contribution in huggingface/tokenizers#1867
• @​ishitab02 made their first contribution in huggingface/tokenizers#1884
• @​Copilot made their first contribution in huggingface/tokenizers#1898
• @​ngoldbaum made their first contribution in huggingface/tokenizers#1861
• @​CloseChoice made their first contribution in huggingface/tokenizers#1878

Full Changelog: huggingface/tokenizers@v0.22.1...v0.22.2

Commits

• 6573f2c add lock
• 1d9dbb8 push the release
• 95504c0 add .lock and v0.22.2
• 8604740 update stub for typing (#1896)
• a5e03ba Bump express in /tokenizers/examples/unstable_wasm/www (#1903)
• ebbc3c8 bump PyO3 to 0.26 (#1901)
• b83d7c9 DOCS: add add_prefix_space to processors.ByteLevel (#1878)
• 0607860 Mark immutable pyclasses as frozen (#1861)
• 09dafe2 Remove runtime stderr warning from Python bindings (#1898)
• a05b60c [MINOR:TYPO] Update mod.rs (#1883)
• Additional commits viewable in compare view

Updates ndarray to 0.17.1

Changelog

Sourced from ndarray's changelog.

Version 0.17.1 (2025-11-02)

Version 0.17.1 provides a patch to fix the originally-unsound implementation of the new array reference types.

The reference types are now all unsized. Practically speaking, this has one major implication: writing functions and traits that accept RawRef and LayoutRef will now need a + ?Sized bound to work ergonomically with ArrayRef. For example, the release notes for 0.17.0 said

Reading / Writing Shape: LayoutRef<A, D>

LayoutRef lets functions view or modify shape/stride information without touching data. This replaces verbose signatures like:

fn alter_view<S>(a: &mut ArrayBase<S, Ix1>)
where S: Data<Elem = f64>;

Use AsRef / AsMut for best compatibility:

fn alter_shape<T>(a: &mut T)
where T: AsMut<LayoutRef<f64>>;

However, these functions now need an additional bound to allow for callers to pass in &ArrayRef types:

fn alter_shape<T>(a: &mut T)
where T: AsMut<LayoutRef<f64>> + ?Sized; // Added bound here

A huge thank you to Sarah Quiñones (@​sarah-quinones) for catching the original unsound bug and helping to fix it. She does truly excellent work with faer-rs; check it out!

Version 0.17.0 (2025-10-14) [YANKED]

Version 0.17.0 introduces a new array reference type — the preferred way to write functions and extension traits in ndarray.
This release is fully backwards-compatible but represents a major usability improvement.
The first section of this changelog explains the change in detail.

It also includes numerous new methods, math functions, and internal improvements — all credited below.

A New Way to Write Functions

TL;DR

ndarray 0.17.0 adds new reference types for writing functions and traits that work seamlessly with owned arrays and views.

When writing functions that accept array arguments:

• Use &ArrayRef<A, D> to read elements from any array.
• Use &mut ArrayRef<A, D> to modify elements.
• Use &T where T: AsRef<LayoutRef<A, D>> to inspect shape/stride only.
• Use &mut T where T: AsMut<LayoutRef<A, D>> to modify shape/stride only.

All existing function signatures continue to work; these new types are fully opt-in.

... (truncated)

Commits

• 2324d2a Add partition(similar to numpy.partition) (#1498)
• 4e2a70f Allows benchmarks that do not use linspace to run on no_std (#1495)
• 2a5cae1 Add cumprod (#1491)
• See full diff in compare view

Updates lz4_flex to 0.12.0

Release notes

Sourced from lz4_flex's releases.

0.12.0

What's Changed

• Fix integer overflows when decoding large payloads by @​teh-cmc in PSeitz/lz4_flex#192
• chore(readme): add python binding impl by @​LVivona in PSeitz/lz4_flex#190

New Contributors

• @​teh-cmc made their first contribution in PSeitz/lz4_flex#192
• @​LVivona made their first contribution in PSeitz/lz4_flex#190

Full Changelog: PSeitz/lz4_flex@0.11.5...0.12.0

Changelog

Sourced from lz4_flex's changelog.

0.12.0 (2025-11-11)

• Fix integer overflows when decoding large payloads #192 (thanks @​teh-cmc)

This fixes an u32 integer overflow when decoding large payloads in the block format.
Note: The block format is not suitable for such large payloads, since it
keeps everything in memory. Consider using the frame format for large data.
This change also removes a unsafe fast-path for write_integer to simplify the code.
The performance impact is on incompressible data, which is already fast enough.

0.11.5 (2025-06-19)

• Fix incorrect rust-version field name in Cargo.toml #187

0.11.4 (2025-06-14)

• Upgrade to twox-hash 2.0#175
• Better no_std compatibility #180

0.11.3 (2024-03-30)

• Fix support for --deny=unsafe_code compilation #152
• make get_maximum_output_size const #153

0.11.2 (2024-01-11)

• Include license file in the published crate

0.11.1 (2023-06-19)

• [breaking] remove unchecked-decode Remove unchecked-decode feature-flag, because of feature unification: https://doc.rust-lang.org/cargo/reference/features.html#feature-unification

0.11.0 (2023-06-18)

Documentation

• Docs: add decompress block example

Fixes

• Handle empty input in Frame Format #120

Empty input was ignored previously and didn't write anything. Now an empty Frame is written. This improves compatibility with the reference implementation and some corner cases.

... (truncated)

Commits

• 975bfa7 bump version to 0.12.0
• 40d8110 update readme
• 642020e bump version to 0.12
• 5295b16 chore(readme): add python binding impl
• c1483c4 fix the issue
• b3c03be implement test demonstrating the issue
• a61ee5f remove unsafe write_integer which AFAICT is not used and broken
• ad71a31 fix illegal doc comment
• f1c070e clippy
• 1496be4 update binggan
• Additional commits viewable in compare view

Updates criterion to 0.8.1

Release notes

Sourced from criterion's releases.

criterion-plot-v0.8.1

Fixed

• Typo

Changelog

Sourced from criterion's changelog.

0.8.1 - 2025-12-07

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

0.8.0 - 2025-11-29

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.
• Add doc comment to benchmark runner in criterion_group macro (removes linter warnings)

Fixed

• Fix plotting NaN bug

Other

• Remove Master API Docs links temporarily while we restore the docs publishing.

[0.7.0] - 2025-07-25

• Bump version of criterion-plot to align dependencies.

[0.6.0] - 2025-05-17

Changed

• MSRV bumped to 1.80
• The real_blackbox feature no longer has any impact. Criterion always uses std::hint::black_box() now. Users of criterion::black_box() should switch to std::hint::black_box().
• clap dependency unpinned.

Fixed

... (truncated)

Commits

• e4e06df chore: release v0.8.1
• aa548b9 fix: Homepage link
• 950c3b7 fix: Typo
• 7e3e50c chore(deps): bump crate-ci/typos from 1.23.5 to 1.40.0
• 391a99a chore(deps): bump jontze/action-mdbook from 3 to 4
• 8fb9a87 chore(deps): bump actions/checkout from 4 to 6
• b49ade7 chore: release v0.8.0
• c56485f docs: Mark Master API Docs links that need to be updated
• 86526a4 docs: Remove Master API Docs link temporarily
• 00a443f docs: Update README links
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Copilot]

Pull request overview

This PR updates 11 Rust dependencies in the rust-dependencies group, including several major version bumps that introduce breaking changes. While keeping dependencies up-to-date is important for security and performance, several of these updates require careful verification before merging.

Key changes:

• Multiple major version updates with breaking API changes (bincode, pyo3, reqwest, thiserror, dashmap, dirs)
• Minor version updates with new features and bug fixes (tantivy, tokenizers, ndarray, lz4_flex, criterion)
• Most critical: bincode 1.3→3.0 affects serialization format used for persistent storage

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The bincode dependency is being updated from version 1.3 to 3.0, which is a major version jump that introduces breaking changes. This crate is used extensively throughout the codebase for serialization and deserialization operations (particularly in storage/sync_worker.rs). Major version updates in bincode typically change the serialization format, which can break compatibility with existing serialized data. Before merging this PR, you should:

1. Review the bincode 3.0 changelog for breaking changes
2. Verify that existing serialized data (WAL entries, stored MemoryEntry objects) can still be deserialized
3. Consider implementing a migration strategy if the serialization format is incompatible
4. Test the upgrade with existing data to ensure backward compatibility

Suggested change

	bincode = "3.0"
	bincode = "1.3"

[Copilot]

The reqwest dependency is being updated from 0.12 to 0.13. According to the changelog in the PR description, version 0.13.0 introduced several breaking changes:

1. rustls is now the default TLS backend instead of native-tls
2. rustls crypto provider defaults to aws-lc instead of ring
3. query and form are now crate features, disabled by default
4. Long-deprecated methods have been removed

Since this codebase uses reqwest for HTTP client operations (embedding API calls, Qdrant health checks), you should verify that:

1. The TLS backend change doesn't affect connectivity
2. Any query/form usage is covered by enabling the appropriate features if needed
3. No deprecated methods are being used that were removed in 0.13.0

Suggested change

	reqwest = { version = "0.13", features = ["json"] }
	reqwest = { version = "0.13", features = ["json", "query", "form"] }

[Copilot]

The pyo3 dependency is being updated from 0.24.1 to 0.27.2, which is a major version jump (two minor versions). According to the changelog, version 0.27.0 introduced several breaking changes including:

1. Dropped support for PyPy 3.9 and 3.10
2. Introduced new trait bounds and API changes
3. Changes to type checking and casting behavior

Since this is an optional dependency (used for Python bindings), you should verify that:

1. The Python bindings code still compiles with the new API
2. Any PyPy users are aware of the dropped support
3. The Python module still works as expected after the upgrade

The changelog also mentions fixes for crashes with dict subclassing on PyPy/GraalPy, which are positive changes.

[Lenvanderhof]

Closing: This PR includes major version bumps with breaking API changes that require code modifications. These updates should be done incrementally with proper testing. Will address in a future release.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml