chore(deps): bump the rust-deps group across 1 directory with 8 updates

[dependabot]

Bumps the rust-deps group with 8 updates in the / directory:

Package	From	To
tree-sitter	0.26.8	0.26.9
rmcp	1.6.0	1.7.0
serde_json	1.0.149	1.0.150
assert_cmd	2.2.1	2.2.2
openblas-src	0.10.15	0.10.16
memchr	2.8.0	2.8.1
mimalloc	0.1.50	0.1.52
ureq	3.2.0	3.3.0

Updates tree-sitter from 0.26.8 to 0.26.9

Release notes

Sourced from tree-sitter's releases.

v0.26.9

What's Changed

• ci(actions): bump actions/cache to v5 by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5482
• build(deps): bump wasmtime-c-api to v36.0.7 by @​WillLillis in tree-sitter/tree-sitter#5514
• fix(loader): allow filenames with dots by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5538
• fix(rust): fix new clippy lints by @​WillLillis in tree-sitter/tree-sitter#5539
• test: bump c test fixture to v0.24.2 by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5542
• fix(generate): pass default optimization level in generate_parser_for_grammar by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5543
• feat(dist): enable install via cargo binstall (#5533) by @​clason in tree-sitter/tree-sitter#5544
• Prevent a buffer over-read when parsing 4-byte UTF-16 characters. by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5549
• fix(query): overflow in capture pool ids + some perf by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5555
• docs: note zero point unbounded behavior in query functions by @​WillLillis in tree-sitter/tree-sitter#5563
• build(deps): bump wasmtime-c-api to v36.0.8 by @​clason in tree-sitter/tree-sitter#5574
• fix(cli): account for process versions > 5 in the parse command's pretty debug output. by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5577
• fix(generate): improve error message for nonterminals used in immediate token rule by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5583
• fix(generate): rewrite parse_grammar with forward DFS by @​WillLillis in tree-sitter/tree-sitter#5584
• fix(wasm): load supertype tables for ABI 15 grammars by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5606
• build(deps): bump wasmtime-c-api to v36.0.9 by @​clason in tree-sitter/tree-sitter#5611
• Validate Wasm language memory reads by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5613
• release v0.26.9 by @​clason in tree-sitter/tree-sitter#5612

Full Changelog: tree-sitter/tree-sitter@v0.26.8...v0.26.9

Commits

• 7f53486 release v0.26.9
• 77b96de fix(wasm): validate memory reads (#5569) (#5613)
• a082228 build(deps): bump wasmtime-c-api to v36.0.9
• 7aea015 fix(wasm): load supertype tables for ABI 15 grammars (#5605) (#5606)
• 2cad8b8 fix(generate): consider reserved words when removing unused rules
• ddbe469 fix(generate): rewrite parse_grammar with forward DFS
• 17f9796 fix(generate): improve error message for nonterminals used in immediate token...
• 17e4bf9 fix(cli): account for process versions > 5 in the parse command's pretty
• ec120d0 build(deps): bump wasmtime-c-api to v36.0.8
• 7c3d842 docs: note zero point unbounded behavior in query functions
• Additional commits viewable in compare view

Updates rmcp from 1.6.0 to 1.7.0

Release notes

Sourced from rmcp's releases.

rmcp-macros-v1.7.0

Added

• add task-based stdio examples (#839)

rmcp-v1.7.0

Added

• add task-based stdio examples (#839)

Fixed

• (rmcp) flatten Resource variant of PromptMessageContent (#843)
• reply -32700 on stdio parse errors instead of closing (#833)

Other

• (rmcp) remove dependency on chrono default features (#829)
• Fix/issue 817 idle timeout log level (#824)

Commits

• 3529c36 chore: release v1.6.1 (#831)
• d695046 fix: enable task support on counter long_task example (#838)
• 5ccdfc0 feat: add task-based stdio examples (#839)
• d83b156 fix(rmcp): flatten Resource variant of PromptMessageContent (#843)
• 321ab14 fix: reply -32700 on stdio parse errors instead of closing (#833)
• 0f776ab chore(rmcp): remove dependency on chrono default features (#829)
• 3bf5298 ci: extend semver check to all features except local (#832)
• 88df9af chore(deps): update askama requirement from 0.15 to 0.16 (#830)
• 2f8d3b7 Fix/issue 817 idle timeout log level (#824)
• See full diff in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates assert_cmd from 2.2.1 to 2.2.2

Changelog

Sourced from assert_cmd's changelog.

[2.2.2] - 2026-05-11

Fixes

• Ensure #[track_caller] works for better panic messages

Commits

• feece89 chore: Release assert_cmd version 2.2.2
• 367cdf7 docs: Update changelog
• a98cc85 Merge pull request #289 from marcospb19/track_caller
• cd2e167 fix: .success() not reporting panic location
• 45a1c74 chore(deps): Update Prek to v0.3.13 (#293)
• f1d9b5b chore(deps): Update Prek to v0.3.12 (#292)
• 1d34bab Merge pull request #291 from epage/template
• d9a70ad style: Make clippy happy
• 4f5b5af chore: Update from _rust template
• 1e1d586 chore(renovate): Fix the tag
• Additional commits viewable in compare view

Updates openblas-src from 0.10.15 to 0.10.16

Release notes

Sourced from openblas-src's releases.

openblas-src-v0.10.16

What's Changed

• Plumb DYNAMIC_ARCH through openblas-build::Configure (previously dead field) and expose the threading-related build flags DYNAMIC_ARCH, USE_THREAD, USE_OPENMP, USE_LOCKING, NUM_THREADS, and NUM_PARALLEL via the corresponding OPENBLAS_* env vars in openblas-src. Fixes #106 and picks up the work abandoned in #72 by @​michael-h-shaham in blas-lapack-rs/openblas-src#152
• Add rustls/native-tls feature flags for download TLS provider by @​pushrax in blas-lapack-rs/openblas-src#154
• Bump tar from 0.4.38 to 0.4.45 to fix RUSTSEC-2026-0067 and RUSTSEC-2026-0068 by @​Dirreke in blas-lapack-rs/openblas-src#157

New Contributors

• @​michael-h-shaham made their first contribution in blas-lapack-rs/openblas-src#152
• @​pushrax made their first contribution in blas-lapack-rs/openblas-src#154

Full Changelog: blas-lapack-rs/openblas-src@openblas-src-v0.10.15...openblas-src-v0.10.16

Changelog

Sourced from openblas-src's changelog.

0.10.16 - 2026-05-08

What's Changed

• Plumb DYNAMIC_ARCH through openblas-build::Configure (previously dead field) and expose the threading-related build flags DYNAMIC_ARCH, USE_THREAD, USE_OPENMP, USE_LOCKING, NUM_THREADS, and NUM_PARALLEL via the corresponding OPENBLAS_* env vars in openblas-src. Fixes #106 and picks up the work abandoned in #72 by @​michael-h-shaham in blas-lapack-rs/openblas-src#152
• Add rustls/native-tls feature flags for download TLS provider by @​pushrax in blas-lapack-rs/openblas-src#154
• Bump tar from 0.4.38 to 0.4.45 to fix RUSTSEC-2026-0067 and RUSTSEC-2026-0068 by @​Dirreke in blas-lapack-rs/openblas-src#157

New Contributors

• @​michael-h-shaham made their first contribution in blas-lapack-rs/openblas-src#152
• @​pushrax made their first contribution in blas-lapack-rs/openblas-src#154

Commits

• 98ff41d Merge pull request #158 from Dirreke/bump-version
• b5b3325 release 0.10.16
• ad88b58 Merge pull request #157 from Dirreke/bump-openblas
• 2896af9 Bump tar from 0.4.38 to 0.4.45, due to RUSTSEC-2026-0067 and RUSTSEC-2026-0068
• 9922ed4 Merge pull request #156 from blas-lapack-rs/revert-155-bump-openblas
• ea77744 Revert "Bump tar from 0.4.38 to 0.4.45 to fix RUSTSEC-2026-0067 and RUSTSEC-2...
• ab45acf Merge pull request #155 from Dirreke/bump-openblas
• 15ae68b Bump tar from 0.4.38 to 0.4.45, due to RUSTSEC-2026-0067 and RUSTSEC-2026-0068
• 471efd3 Add rustls/native-tls feature flags for download TLS provider
• 121e182 Handle NUM_THREADS, NUM_PARALLEL, and USE_LOCKING
• Additional commits viewable in compare view

Updates memchr from 2.8.0 to 2.8.1

Commits

• ff7dca7 2.8.1
• 016878a target: fix aarch64_be endianness bug
• ee18717 docs: add AI policy for contributors
• db1a77d build(deps): bump actions/checkout in the actions group (#212)
• c8abbe1 Hash-pin all actions, drop persisted credentials (#210)
• 24f5daa lint: fix clippy get_first
• 1708355 lint: fix clippy question_mark
• 5b86d0c lint: fix clippy clone_on_copy
• See full diff in compare view

Updates mimalloc from 0.1.50 to 0.1.52

Release notes

Sourced from mimalloc's releases.

Version 0.1.52

Changes

• Expose mi_stats_get_json().
• Fix ARM compilation.

Version 0.1.51

Changes

• Mimalloc bumped to v3.3.2 and v2.3.2.
• Compile with msvc on windows.

Commits

• abcd2be v0.1.52
• 9db5330 Remove explicit arm instruction set
• d06bd31 Merge pull request #161 from svix-jbrown/feat/stats-json
• eb4a16d simplify API
• e1fd9eb fix up some tests
• 6805298 v0.1.51
• ba2c9b1 Fix extended v3
• 84969eb Merge pull request #160 from Havunen/feat/adjust_build_to_match_mimalloc
• 843b9b2 Updated mimalloc to 3.3.2 and 2.3.2
• da7a09c feat: expose mi_stats_get_json and a safe wrapper around it
• Additional commits viewable in compare view

Updates ureq from 3.2.0 to 3.3.0

Changelog

Sourced from ureq's changelog.

3.3.0

• Bump MSRV 1.71 -> 1.85, edition 2024 #1167

3.2.1

• Switch archived utf-8 crate for utf8-zero #1163

Commits

• b2adbf0 3.3.0
• 7662219 Bump MSRV 1.71 -> 1.85, edition 2024
• eb51f2c 3.2.1
• ad49981 Bump deps to fix cargo-deny RUSTSEC
• 08785cb Switch out utf-8 crate with utf8-zero
• 9ef2153 Clarify that json feature is disabled by default
• eb2539d Fix misleading unsafe wording in crate docs
• b45d3d2 Fix cargo-deny advisory failures
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.