chore(deps): bump the rust-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the rust-dependencies group with 8 updates in the / directory:

Package	From	To
clap	4.5.58	4.6.1
ort-sys	2.0.0-rc.9	2.0.0-rc.10
serde_json	1.0.149	1.0.150
uuid	1.21.0	1.23.2
chrono	0.4.43	0.4.44
rmcp	1.3.0	1.7.0
tokio	1.51.1	1.52.3
tempfile	3.25.0	3.27.0

Updates clap from 4.5.58 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates ort-sys from 2.0.0-rc.9 to 2.0.0-rc.10

Release notes

Sourced from ort-sys's releases.

v2.0.0-rc.10

---

💖 If you find ort useful, please consider sponsoring us on Open Collective 💖

🤔 Need help upgrading? Ask questions in GitHub Discussions or in the pyke.io Discord server!

---

🔗 Tensor Array Views

You can now create a TensorRef directly from an ArrayView. Previously, tensors could only be created via Tensor::from_array (which, in many cases, performed a copy if borrowed data was provided). The new TensorRef::from_array_view (and the complementary TensorRefMut::from_array_view_mut) method(s) allows for the zero-copy creation of tensors directly from an ArrayView.

Tensor::from_array now only accepts owned data, so you should either refactor your code to use TensorRefs or pass ownership of the array to the Tensor.

⚠️ ndarrays must be in standard/contiguous memory layout to be converted to a TensorRef(Mut); see .as_standard_layout().

↔️ Copy Tensors

rc.10 now allows you to manually copy tensors between devices using Tensor::to!

// Create our tensor in CUDA memory
let cuda_allocator = Allocator::new(
	&session,
	MemoryInfo::new(AllocationDevice::CUDA, 0, AllocatorType::Device, MemoryType::Default)?
)?;
let cuda_tensor = Tensor::<f32>::new(&cuda_allocator, [1_usize, 3, 224, 224])?;
// Copy it back to CPU
let cpu_tensor = cuda_tensor.to(AllocationDevice::CPU, 0)?;

There's also Tensor::to_async, which replicates the functionality of PyTorch's non_blocking=True. Additionally, Tensors now implement Clone.

⚙️ Alternative Backends

ort is no longer just a wrapper for ONNX Runtime; it's a one-stop shop for inferencing ONNX models in Rust thanks to the addition of the alternative backend API.

Alternative backends wrap other inference engines behind ONNX Runtime's API, which can simply be dropped in and used in ort - all it takes is one line of code:

fn main() {
    ort::set_api(ort_tract::api()); // <- magic!
let session = Session::builder()?
    ...

}
</tr></table>

... (truncated)

Commits

• d1ebde9 fix: use absolute paths for crate include
• daf9104 2.0.0-rc.10
• 882056c ci(*): use latest version of rust-cache
• 180ec09 fix(sys): update binaries with fix for #392
• 410ece4 chore: match ort-sys license with main license
• 4745bb3 fix: NVExecutionProvider is not supported on linux
• 7976879 fix: ensure environment exists when registering NVExecutionProvider
• fb17d45 refactor: remove most usages of NonNull::new_unchecked
• b12b903 refactor: simplify SessionOutputs
• ab2759b feat: Update to ONNX Runtime v1.22 (#393)
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates uuid from 1.21.0 to 1.23.2

Release notes

Sourced from uuid's releases.

v1.23.2

What's Changed

• Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
• Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

... (truncated)

Commits

• d119657 Merge pull request #883 from uuid-rs/cargo/v1.23.2
• 0651cfc prepare for 1.23.2 release
• e8dea0c Merge pull request #882 from uuid-rs/fix/error-msgs
• bdc429a fix up serde messages
• d4342e4 make indexes 0 based and fix up more error messages
• 4ad479f work on more accurate parser errors
• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• Additional commits viewable in compare view

Updates chrono from 0.4.43 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• See full diff in compare view

Updates rmcp from 1.3.0 to 1.7.0

Release notes

Sourced from rmcp's releases.

rmcp-macros-v1.7.0

Added

• add task-based stdio examples (#839)

rmcp-v1.7.0

Added

• add task-based stdio examples (#839)

Fixed

• (rmcp) flatten Resource variant of PromptMessageContent (#843)
• reply -32700 on stdio parse errors instead of closing (#833)

Other

• (rmcp) remove dependency on chrono default features (#829)
• Fix/issue 817 idle timeout log level (#824)

rmcp-macros-v1.6.0

Fixed

• (docs) use correct Parameters syntax in tool examples (#814)

Other

• add systemprompt-template to Built with rmcp (#820)

rmcp-v1.6.0

Added

• (http) log Host/Origin rejections (#826)
• (http) add Origin header validation (#823)
• (router) support runtime disabling of tools (#809)
• optional session store (resumabillity support) (#775)

Fixed

• add init_timeout for streamable-http sessions (#811)
• (http) fall back to :authority for HTTP/2 (#827)
• (docs) use correct Parameters syntax in tool examples (#814)

Other

• add systemprompt-template to Built with rmcp (#820)

rmcp-macros-v1.5.0

Fixed

... (truncated)

Commits

• 3529c36 chore: release v1.6.1 (#831)
• d695046 fix: enable task support on counter long_task example (#838)
• 5ccdfc0 feat: add task-based stdio examples (#839)
• d83b156 fix(rmcp): flatten Resource variant of PromptMessageContent (#843)
• 321ab14 fix: reply -32700 on stdio parse errors instead of closing (#833)
• 0f776ab chore(rmcp): remove dependency on chrono default features (#829)
• 3bf5298 ci: extend semver check to all features except local (#832)
• 88df9af chore(deps): update askama requirement from 0.15 to 0.16 (#830)
• 2f8d3b7 Fix/issue 817 idle timeout log level (#824)
• 014fb2e chore: release v1.6.0 (#818)
• Additional commits viewable in compare view

Updates tokio from 1.51.1 to 1.52.3

Release notes

Sourced from tokio's releases.

Tokio v1.52.3

1.52.3 (May 8th, 2026)

Fixed

• sync: fix underflow in mpsc channel len() (#8062)
• sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• sync: require that an RwLock has max_readers != 0 (#8076)
• sync: return Empty from try_recv() when mpsc is closed with outstanding permits (#8074)

#8062: tokio-rs/tokio#8062 #8074: tokio-rs/tokio#8074 #8075: tokio-rs/tokio#8075 #8076: tokio-rs/tokio#8076

Tokio v1.52.2

1.52.2 (May 4th, 2026)

This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to [its performance impact]#8065. (#8100)

#7431: tokio-rs/tokio#7431 #8065: tokio-rs/tokio#8065 #8100: tokio-rs/tokio#8100

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

... (truncated)

Commits

• d875691 chore: prepare Tokio v1.52.3 (#8130)
• e1aebb0 Merge 'tokio-1.51.3' into 'tokio-1.52.x' (#8129)
• fd63094 chore: prepare Tokio v1.51.3 (#8127)
• 8c600d0 Merge 'tokio-1.47.5' into 'tokio-1.51.x' (#8123)
• 11bfc13 chore: prepare Tokio v1.47.5 (#8122)
• f085b62 sync: notify receivers in mpsc OwnedPermit::release() method (#8075)
• 30d25cc sync: require that an RwLock has max_readers != 0 (#8076)
• 9fccf53 sync: return Empty from try_recv() when mpsc is closed with outstanding p...
• ebf61b4 sync: fix underflow in mpsc channel len() (#8062)
• 4abe9d7 chore: prepare Tokio v1.52.2 (#8115)
• Additional commits viewable in compare view

Updates tempfile from 3.25.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

3.26.0

• Support NamedTempFile::persist on RedoxOS (#393) (thanks to @​Andy-Python-Programmer).

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions