Skip to content

chore(deps): bump the non-arrow group across 1 directory with 8 updates#257

Merged
gadomski merged 2 commits intomainfrom
dependabot/cargo/non-arrow-0cb1ce31f7
Mar 31, 2026
Merged

chore(deps): bump the non-arrow group across 1 directory with 8 updates#257
gadomski merged 2 commits intomainfrom
dependabot/cargo/non-arrow-0cb1ce31f7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 24, 2026
edited
Loading

Bumps the non-arrow group with 5 updates in the / directory:

Package From To
clap 4.5.60 4.6.0
duckdb 6e74ebc 3fb8714
geojson 0.24.2 1.0.0
openssl 0.10.75 0.10.76
rustac b25bce2 8b078d1

Updates clap from 4.5.60 to 4.6.0

Changelog

Sourced from clap's changelog.

[4.6.0] - 2026-03-12

Compatibility

  • Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

  • Update dependencies
Commits

Updates duckdb from 6e74ebc to 3fb8714

Commits
  • 3fb8714 deps: bump arrow to v58
  • a0623e6 incorporate feedback
  • 47fac95 add support for collecting profiling metrics
  • fa398be Update deps for development (#706)
  • 9d752a1 Update deps for development
  • 7a0f039 Clarify MSRV policy under new versioning (#705)
  • 04797d2 Fix typos
  • 209db0a Clarify MSRV policy under new versioning
  • 3e36138 duckdb_entrypoint_c_api: suppress missing_safety_doc lint (#704)
  • a919b53 duckdb_entrypoint_c_api: suppress missing_safety_doc
  • Additional commits viewable in compare view

Updates geojson from 0.24.2 to 1.0.0

Changelog

Sourced from geojson's changelog.

v1.0.0 - 2025-03-16

  • BREAKING: Position is now a struct, rather than a type alias for Vec. The new struct uses the tinyvec crate, which allows for faster GeoJSON processing in the common (2-D) case by avoiding per-coordinate heap allocations. 
    // BEFORE: Position *was* a Vec. A Vec is always allocated on the heap, which is slow.
let position: Position = vec![1.0, 2.0];
let x = position[0];
// AFTER: Position is its own type, buildable from a Vec.
let position: Position = vec![1.0, 2.0].into();
// index access is unchanged
let x = position[0];
// Alternatively, you can now construct from an Array, avoiding the Vec's heap allocation.
let position: Position = [1.0, 2.0].into();
// equivalently:
let position = Position::from([1.0, 2.0]);
// You can still build 3D+ Positions. These higher dimension coordinates will use Heap storage.
let position = Position::from([1.0, 2.0, 3.0]);
let position = Position::from(vec![1.0, 2.0, 3.0, 4.0, 5.0, 6.0]);

  • Substantially speed up parsing (Benches show 30% reduction). This was essentially a rewrite of our deserialization logic. Instead of going from input -> serde_json::JsonObject -> geojson types we now go directly from input -> geojson types.
  • Deserialization errors now include line number and column position. Before:

    Encountered neither number type nor string type for 'id' field on 'feature' object: {} After: Error while deserializing GeoJSON: Feature 'id' must be a string or a number at line 3 column 11

  • BREAKING: geojson::Error has had many cases removed and some new cases added, reflecting the deserialization rewrite.
  • BREAKING: TryInto/From implementations for serde_json::Value and serde_json::Object have been removed now that they are not used for deserialization.
  • type is now the first field when serializing GeoJSON objects.
  • Since feature.id is optional, we now accept "id: null", whereas previously you were required to omit the id key. Now either is acceptable.
  • Fix: Return [] instead of [[]] for POLYGON EMPTY.
  • Potentially breaking: De/Serializing your custom structs with serde now maps your struct's id field to Feature.id, rather than to Feature.properties.id.
  • Fix geo_rect_conversion_test to conform to the correctly-wound Polygon output from geo_types::geometry::Rect.to_polygon

... (truncated)

Commits
  • f6eafed prepare for 1.0.0 release
  • 8c12816 prepare for 0.25.0 release
  • c64043f simpler docs
  • fa96c26 update to rust 2024 (#273)
  • 3c362b4 Additional ergonomic constructors (for Geometry and FeatureCollection) (#271)
  • f5fffd0 Remove methods related to json to/from now that we ser/de directly (#270)
  • de445d9 Speed up parsing by deserializing directly to geojson (without intermediate s...
  • a7870db Move code around - no new functionality (#268)
  • 37ea3c9 Merge branch 'mkirk/derive-serialization-3'
  • 67c07a1 derive Serialization rather than manual impls
  • Additional commits viewable in compare view

Updates openssl from 0.10.75 to 0.10.76

Release notes

Sourced from openssl's releases.

openssl-v0.10.76

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.75...openssl-v0.10.76

Commits

Updates rustac from b25bce2 to 8b078d1

Commits
  • 8b078d1 chore(deps-dev): bump deepdiff from 8.6.1 to 8.6.2 (#995)
  • 6442b7e chore(deps): update geojson requirement from 0.24.1 to 1.0.0 (#993)
  • a7b0480 chore(deps): bump actions/create-github-app-token from 2 to 3 (#991)
  • 67edff0 chore(deps): bump j178/prek-action from 1 to 2 (#992)
  • 2b86ddf chore(deps): bump cairosvg from 2.8.2 to 2.9.0 (#990)
  • 5a66a2c chore(deps): bump pillow from 11.3.0 to 12.1.1 (#989)
  • 6c0b318 chore(deps): bump orjson from 3.11.4 to 3.11.6 (#988)
  • b2baa5f chore(deps): bump tar from 7.5.10 to 7.5.11 in /crates/wasm (#987)
  • See full diff in compare view

Updates stac from b25bce2 to 8b078d1

Commits
  • 8b078d1 chore(deps-dev): bump deepdiff from 8.6.1 to 8.6.2 (#995)
  • 6442b7e chore(deps): update geojson requirement from 0.24.1 to 1.0.0 (#993)
  • a7b0480 chore(deps): bump actions/create-github-app-token from 2 to 3 (#991)
  • 67edff0 chore(deps): bump j178/prek-action from 1 to 2 (#992)
  • 2b86ddf chore(deps): bump cairosvg from 2.8.2 to 2.9.0 (#990)
  • 5a66a2c chore(deps): bump pillow from 11.3.0 to 12.1.1 (#989)
  • 6c0b318 chore(deps): bump orjson from 3.11.4 to 3.11.6 (#988)
  • b2baa5f chore(deps): bump tar from 7.5.10 to 7.5.11 in /crates/wasm (#987)
  • See full diff in compare view

Updates stac-duckdb from b25bce2 to 8b078d1

Commits
  • 8b078d1 chore(deps-dev): bump deepdiff from 8.6.1 to 8.6.2 (#995)
  • 6442b7e chore(deps): update geojson requirement from 0.24.1 to 1.0.0 (#993)
  • a7b0480 chore(deps): bump actions/create-github-app-token from 2 to 3 (#991)
  • 67edff0 chore(deps): bump j178/prek-action from 1 to 2 (#992)
  • 2b86ddf chore(deps): bump cairosvg from 2.8.2 to 2.9.0 (#990)
  • 5a66a2c chore(deps): bump pillow from 11.3.0 to 12.1.1 (#989)
  • 6c0b318 chore(deps): bump orjson from 3.11.4 to 3.11.6 (#988)
  • b2baa5f chore(deps): bump tar from 7.5.10 to 7.5.11 in /crates/wasm (#987)
  • See full diff in compare view

Updates stac-io from b25bce2 to 8b078d1

Commits
  • 8b078d1 chore(deps-dev): bump deepdiff from 8.6.1 to 8.6.2 (#995)
  • 6442b7e chore(deps): update geojson requirement from 0.24.1 to 1.0.0 (#993)
  • a7b0480 chore(deps): bump actions/create-github-app-token from 2 to 3 (#991)
  • 67edff0 chore(deps): bump j178/prek-action from 1 to 2 (#992)
  • 2b86ddf chore(deps): bump cairosvg from 2.8.2 to 2.9.0 (#990)
  • 5a66a2c chore(deps): bump pillow from 11.3.0 to 12.1.1 (#989)
  • 6c0b318 chore(deps): bump orjson from 3.11.4 to 3.11.6 (#988)
  • b2baa5f chore(deps): bump tar from 7.5.10 to 7.5.11 in /crates/wasm (#987)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 24, 2026
@gadomski gadomski self-requested a review March 24, 2026 13:13
@dependabot
chore(deps): bump the non-arrow group across 1 directory with 8 updates
3eb59c9 
Bumps the non-arrow group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.60` | `4.6.0` |
| [duckdb](https://github.com/gadomski/duckdb-rs) | ``6e74ebc`` | ``3fb8714`` |
| [geojson](https://github.com/georust/geojson) | `0.24.2` | `1.0.0` |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.75` | `0.10.76` |
| [rustac](https://github.com/stac-utils/rustac) | ``b25bce2`` | ``8b078d1`` |



Updates `clap` from 4.5.60 to 4.6.0
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.60...clap_complete-v4.6.0)

Updates `duckdb` from `6e74ebc` to `3fb8714`
- [Commits](gadomski/duckdb-rs@6e74ebc...3fb8714)

Updates `geojson` from 0.24.2 to 1.0.0
- [Changelog](https://github.com/georust/geojson/blob/main/CHANGES.md)
- [Commits](georust/geojson@0.24.2...v1.0.0)

Updates `openssl` from 0.10.75 to 0.10.76
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.75...openssl-v0.10.76)

Updates `rustac` from `b25bce2` to `8b078d1`
- [Release notes](https://github.com/stac-utils/rustac/releases)
- [Commits](stac-utils/rustac@b25bce2...8b078d1)

Updates `stac` from `b25bce2` to `8b078d1`
- [Release notes](https://github.com/stac-utils/rustac/releases)
- [Commits](stac-utils/rustac@b25bce2...8b078d1)

Updates `stac-duckdb` from `b25bce2` to `8b078d1`
- [Release notes](https://github.com/stac-utils/rustac/releases)
- [Commits](stac-utils/rustac@b25bce2...8b078d1)

Updates `stac-io` from `b25bce2` to `8b078d1`
- [Release notes](https://github.com/stac-utils/rustac/releases)
- [Commits](stac-utils/rustac@b25bce2...8b078d1)

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-arrow
- dependency-name: duckdb
  dependency-version: 3fb8714657f5aa0a841ab97068c9109d98316bed
  dependency-type: direct:production
  dependency-group: non-arrow
- dependency-name: geojson
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-arrow
- dependency-name: openssl
  dependency-version: 0.10.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-arrow
- dependency-name: rustac
  dependency-version: 8b078d187186f79c9bd1d772a6cb162638f9dc9a
  dependency-type: direct:production
  dependency-group: non-arrow
- dependency-name: stac
  dependency-version: 8b078d187186f79c9bd1d772a6cb162638f9dc9a
  dependency-type: direct:production
  dependency-group: non-arrow
- dependency-name: stac-duckdb
  dependency-version: 8b078d187186f79c9bd1d772a6cb162638f9dc9a
  dependency-type: direct:production
  dependency-group: non-arrow
- dependency-name: stac-io
  dependency-version: 8b078d187186f79c9bd1d772a6cb162638f9dc9a
  dependency-type: direct:production
  dependency-group: non-arrow
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/non-arrow-0cb1ce31f7 branch from ef2f9ed to 3eb59c9 Compare March 31, 2026 10:10
@gadomski gadomski enabled auto-merge (squash) March 31, 2026 14:19
@gadomski gadomski merged commit e3e6c4d into main Mar 31, 2026
5 checks passed
@gadomski gadomski deleted the dependabot/cargo/non-arrow-0cb1ce31f7 branch March 31, 2026 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gadomski gadomski Awaiting requested review from gadomski

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gadomski