chore(deps): bump the rust-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the rust-dependencies group with 4 updates in the / directory: serde_json, tree-sitter, ort and redb.

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates tree-sitter from 0.26.8 to 0.26.9

Release notes

Sourced from tree-sitter's releases.

v0.26.9

What's Changed

• ci(actions): bump actions/cache to v5 by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5482
• build(deps): bump wasmtime-c-api to v36.0.7 by @​WillLillis in tree-sitter/tree-sitter#5514
• fix(loader): allow filenames with dots by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5538
• fix(rust): fix new clippy lints by @​WillLillis in tree-sitter/tree-sitter#5539
• test: bump c test fixture to v0.24.2 by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5542
• fix(generate): pass default optimization level in generate_parser_for_grammar by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5543
• feat(dist): enable install via cargo binstall (#5533) by @​clason in tree-sitter/tree-sitter#5544
• Prevent a buffer over-read when parsing 4-byte UTF-16 characters. by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5549
• fix(query): overflow in capture pool ids + some perf by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5555
• docs: note zero point unbounded behavior in query functions by @​WillLillis in tree-sitter/tree-sitter#5563
• build(deps): bump wasmtime-c-api to v36.0.8 by @​clason in tree-sitter/tree-sitter#5574
• fix(cli): account for process versions > 5 in the parse command's pretty debug output. by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5577
• fix(generate): improve error message for nonterminals used in immediate token rule by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5583
• fix(generate): rewrite parse_grammar with forward DFS by @​WillLillis in tree-sitter/tree-sitter#5584
• fix(wasm): load supertype tables for ABI 15 grammars by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5606
• build(deps): bump wasmtime-c-api to v36.0.9 by @​clason in tree-sitter/tree-sitter#5611
• Validate Wasm language memory reads by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5613
• release v0.26.9 by @​clason in tree-sitter/tree-sitter#5612

Full Changelog: tree-sitter/tree-sitter@v0.26.8...v0.26.9

Commits

• 7f53486 release v0.26.9
• 77b96de fix(wasm): validate memory reads (#5569) (#5613)
• a082228 build(deps): bump wasmtime-c-api to v36.0.9
• 7aea015 fix(wasm): load supertype tables for ABI 15 grammars (#5605) (#5606)
• 2cad8b8 fix(generate): consider reserved words when removing unused rules
• ddbe469 fix(generate): rewrite parse_grammar with forward DFS
• 17f9796 fix(generate): improve error message for nonterminals used in immediate token...
• 17e4bf9 fix(cli): account for process versions > 5 in the parse command's pretty
• ec120d0 build(deps): bump wasmtime-c-api to v36.0.8
• 7c3d842 docs: note zero point unbounded behavior in query functions
• Additional commits viewable in compare view

Updates ort from 2.0.0-rc.11 to 2.0.0-rc.12

Release notes

Sourced from ort's releases.

v2.0.0-rc.12

2.0.0-rc.12

💖 If you find ort useful, please consider sponsoring us on Open Collective 💖

🤔 Need help upgrading? Ask questions in GitHub Discussions or in the pyke.io Discord server!

---

This release was made possible by Rime.ai!

Authentic AI voice models for enterprise.

---

📍 Multiversioning

🚨 If you used ort with default-features = false, enable the api-24 feature to use the latest features.

The big highlight of this release is multiversioning: ort can now use any minor version of ONNX Runtime from v1.17 to v1.24. New features are gated behind api-* feature flags, like api-20 or api-24. These flags will set the minimum version of ONNX Runtime required by ort.

More info 👉 https://ort.pyke.io/setup/multiversion

🪄 Automatic device selection

With ONNX Runtime 1.22 or later, ort will now automatically use an NPU if one is available for maximum efficiency & power savings! Setting your own execution providers will override this.

This is thanks to the super cool new SessionBuilder::with_auto_device API! There's also SessionBuilder::with_devices for finer control.

👁️ CUDA 13

ort now ships builds for both CUDA 12 & CUDA 13! It should automatically detect which CUDA you're using, but if it gets it wrong, you can override it by setting the ORT_CUDA_VERSION environment variable to 12 or 13.

🩹 SessionBuilder error recovery

You can now recover from errors when building a session by calling .recover() on the error type to get the SessionBuilder back.

🛡️ Build attestations

Prebuilt binaries are now attested via GitHub Actions, so you can verify that they are untampered builds of ONNX Runtime coming straight from pyke.io.

To verify, download your binary package of choice and use the gh CLI to verify:

➜  gh attestation verify --owner pykeio ./x86_64-pc-windows-msvc+cu13.tar.lzma2
Loaded digest sha256:e96616510082108be228ad6ea026246a31650b7d446b330c6b9671fcb9ae6267 for file://./x86_64-pc-windows-msvc+cu13.tar.lzma2
Loaded 1 attestation from GitHub API
The following policy criteria will be enforced:

OIDC Issuer must match:................... https://token.actions.githubusercontent.com
Source Repository Owner URI must match:... https://github.com/pykeio

</tr></table>

... (truncated)

Commits

• f085e4c 2.0.0-rc.12
• 079ecb4 fix: one environment (#542)
• 0023124 fix(tract): support external data
• e9666c7 fix: no_std
• a08efe6 feat: manual device selection
• 771e1a5 refactor: make Outlet wrap OrtValueInfo
• a02122d fix: web, no-std
• 0fe5b25 config: silence clippy warning
• fb29790 feat: recover from SessionBuilder errors
• 831422c docs(readme): update projects
• Additional commits viewable in compare view

Updates redb from 3.1.3 to 4.1.0

Release notes

Sourced from redb's releases.

4.1.0

This release contains a large number of bug fixes discovered by AI coding agents

• Fix a bug where MultimapValue::len() and is_empty() returned stale counts after consuming entries via next_back().
• Fix a bug where restore_savepoint() used in a non-Immediate durability transaction and when there are persistent savepoints newer than the one being restored, could fail with SavepointError::InvalidSavepoint, but the savepoint would actually be partially applied. The call now fails up front with SavepointError::ImmediateDurabilityRequired.
• Fix a bug in restore_savepoint() where modifications made earlier in the transaction might not be reverted.
• Fix a bug where renaming a table that was already modified in the same transaction could cause the database to become corrupted.
• Fix a bug where calling restore_savepoint() after modifying a table in the same transaction could cause the table to become corrupted in a future transaction.
• Fix a panic when delete_table() was called on a table that had been modified in the same transaction.
• Fix a panic in restore_savepoint() when passed a Savepoint from a different Database. SavepointError::InvalidSavepoint is now returned instead.
• Fix a bug where a transaction that created a persistent savepoint and was then aborted could cause the database file to grow excessively, until the Database was dropped.
• Fix a panic in check_integrity() when called while another transaction is still alive. DatabaseError::TransactionInProgress is now returned instead.
• Fix a bug where aborting a transaction that called restore_savepoint() with a savepoint when a newer savepoint existed could cause database space to be leaked.
• Fix a bug where aborting a transaction that called restore_savepoint() would leave more recent savepoints invalid.
• Improve performance when reading concurrently from multiple threads. Around 15% speedup on some benchmarks.
• Optimize cache usage, and general write performance. Around 1.5x speedup on some benchmarks.
• Optimize memory usage.
• Other performance optimizations.

4.0.0

• Implement Drop on AccessGuardMut and AccessGuardMutInPlace, which requires that these be dropped before the Table they borrow from. This fixes a critical bug where the accessor could outlive the Table, and be dropped after the transaction had already committed. This could cause data loss due to the data in the accessor being written out after the transaction had already completed.
• Remove Legacy type. To migrate off the Legacy type, use the Legacy type in the 3.x release and copy the data to a table with plain tuples, before upgrading to the 4.x release.

Changelog

Sourced from redb's changelog.

4.1.0 - 2026-04-19

This release contains a large number of bug fixes discovered by AI coding agents

• Fix a bug where MultimapValue::len() and is_empty() returned stale counts after consuming entries via next_back().
• Fix a bug where restore_savepoint() used in a non-Immediate durability transaction and when there are persistent savepoints newer than the one being restored, could fail with SavepointError::InvalidSavepoint, but the savepoint would actually be partially applied. The call now fails up front with SavepointError::ImmediateDurabilityRequired.
• Fix a bug in restore_savepoint() where modifications made earlier in the transaction might not be reverted.
• Fix a bug where renaming a table that was already modified in the same transaction could cause the database to become corrupted.
• Fix a bug where calling restore_savepoint() after modifying a table in the same transaction could cause the table to become corrupted in a future transaction.
• Fix a panic when delete_table() was called on a table that had been modified in the same transaction.
• Fix a panic in restore_savepoint() when passed a Savepoint from a different Database. SavepointError::InvalidSavepoint is now returned instead.
• Fix a bug where a transaction that created a persistent savepoint and was then aborted could cause the database file to grow excessively, until the Database was dropped.
• Fix a panic in check_integrity() when called while another transaction is still alive. DatabaseError::TransactionInProgress is now returned instead.
• Fix a bug where aborting a transaction that called restore_savepoint() with a savepoint when a newer savepoint existed could cause database space to be leaked.
• Fix a bug where aborting a transaction that called restore_savepoint() would leave more recent savepoints invalid.
• Improve performance when reading concurrently from multiple threads. Around 15% speedup on some benchmarks.
• Optimize cache usage, and general write performance. Around 1.5x speedup on some benchmarks.
• Optimize memory usage.
• Other performance optimizations.

4.0.0 - 2026-04-02

• Implement Drop on AccessGuardMut and AccessGuardMutInPlace, which requires that these be dropped before the Table they borrow from. This fixes a critical bug where the accessor could outlive the Table, and be dropped after the transaction had already committed. This could cause data loss due to the data in the accessor being written out after the transaction had already completed.
• Remove Legacy type. To migrate off the Legacy type, use the Legacy type in the 3.x release and copy the data to a table with plain tuples, before upgrading to the 4.x release.

Commits

• 6ed1f98 Bump version to 4.1.0
• 0a87cb7 Update changelog
• 03966a5 Require callers of get_page to provide a PageHint
• a75927f Remove some TODO comments
• a39779b Avoid allocating a page for a branch that will be immediately merged
• 6374134 Document that Table{,Multimap}Definition::new panic on empty names
• ba043e3 Avoid copying keys in leaf overwrite paths
• f42c468 Fix MultimapValue::next_back() not decrementing remaining counter
• 3756148 Clarify API contract for Key and Value traits
• 4552372 Consolidate WriteTransaction savepoint lifecycle state
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions