cargo(deps): bump the production-dependencies group with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates:

Package	From	To
clap	4.5.57	4.6.1
config	0.15.19	0.15.22
chrono	0.4.43	0.4.44
minijinja	2.15.1	2.19.0
tantivy	0.25.0	0.26.1
scraper	0.25.0	0.26.0
tempfile	3.24.0	3.27.0

Updates clap from 4.5.57 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

v4.5.58

[4.5.58] - 2026-02-11

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

[4.5.58] - 2026-02-11

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates config from 0.15.19 to 0.15.22

Changelog

Sourced from config's changelog.

[0.15.22] - 2026-03-17

Documentation

• Polish examples

Internal

• Update winnow

[0.15.21] - 2026-03-12

Compatibility

• Bump MSRV to 1.85

[0.15.20] - 2026-03-12

Fixes

• Serialize the full u64 range

Internal

• (toml) Update to 1.0

Commits

• 7293108 chore: Release config version 0.15.22
• 6b82b25 docs: Update changelog
• 2ae46e4 chore: Update to Winnow 1.0.0 (#745)
• 28690ea chore: Update to Winnow 1.0.0
• 1f579ee docs(examples): Clean up (#744)
• c7b1b10 docs(examples): Consoldate env examples
• 5aa9638 docs(examples): Clarify intent
• fcc5cd8 docs(examples): Better organize examples
• 4e8637c docs(examples): Be consistent in env prefix
• 395a9ff docs(examples): Flatten examples
• Additional commits viewable in compare view

Updates chrono from 0.4.43 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• See full diff in compare view

Updates minijinja from 2.15.1 to 2.19.0

Release notes

Sourced from minijinja's releases.

2.17.0

Release Notes

• Added 'c' (character) format type support for format filters and str.format-style formatting. #868
• Added prebuilt minijinja-cli release targets for aarch64-pc-windows-msvc (Windows ARM64) and armv7-unknown-linux-gnueabihf.
• Fixed strict and semi-strict undefined handling so string-coercing filter/function arguments also fail for nested Rest<String> and Vec<String> conversions. #877
• Fixed Python CI/build compatibility with newer maturin by moving stripping from global config to release wheel build arguments.

Install minijinja-cli 2.17.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/minijinja/releases/download/minijinja-go/v2.17.0/minijinja-cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/mitsuhiko/minijinja/releases/download/minijinja-go/v2.17.0/minijinja-cli-installer.ps1 | iex"

Download minijinja-cli 2.17.0

File	Platform	Checksum
minijinja-cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
minijinja-cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
minijinja-cli-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
minijinja-cli-i686-pc-windows-msvc.zip	x86 Windows	checksum
minijinja-cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
minijinja-cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
minijinja-cli-i686-unknown-linux-gnu.tar.xz	x86 Linux	checksum
minijinja-cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
minijinja-cli-armv7-unknown-linux-gnueabihf.tar.xz	ARMv7 Linux	checksum
minijinja-cli-aarch64-unknown-linux-musl.tar.xz	ARM64 MUSL Linux	checksum
minijinja-cli-i686-unknown-linux-musl.tar.xz	x86 MUSL Linux	checksum
minijinja-cli-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

2.16.0

Release Notes

• Added musllinux wheel builds for Python release artifacts.
• Fixed |escape to honor custom formatters. #861
• Aligned undefined behavior handling in the Go port with Rust.
• Removed non-Rust keys and values filters from the Go port for parity. #863

Install minijinja-cli 2.16.0

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from minijinja's changelog.

2.19.0

• Fixed strict undefined behavior for comparison operators (such as ==), string concatenation (~), and undefined needles in the in operator to better match Jinja2. #886 #888
• Fixed the default filter in strict undefined mode so an explicitly passed undefined fallback argument errors instead of being treated like a missing argument. #887

2.18.0

• Added keyword argument support (width, first, blank) to the indent filter for Jinja2 compatibility in Rust and Go. #864
• Added support for dotted integer lookup (for example foo.0) in Rust and Go for Jinja compatibility. #881
• Added support for dotted filter and test names (including foo . bar . baz) for Jinja compatibility. #879
• Fixed string escape handling to preserve unknown escapes (such as \s) for Jinja compatibility in Rust and Go. #880
• Improved generic performance across template parsing, compilation, and rendering.
• Fixed minijinja-cabi ownership and pointer-safety issues that could leak mj_value values on error paths.
• Added high-priority minijinja-cabi APIs for callback-based functions/filters/tests, globals, loaders, path joining, auto-escape configuration, and fuel limits.
• Switched minijinja-cabi header maintenance to manual source-based syncing and removed cbindgen-based generation tooling.
• Added lightweight C smoke tests for minijinja-cabi (via make -C minijinja-cabi test) with coverage across all exported C ABI functions, and wired them into top-level testing and CI.
• Added render_captured and render_captured_to methods on Template which return a Captured type holding the rendered output and the template state.
• Added into_output method on Captured to consume and return the output string.
• Deprecated render_and_return_state, eval_to_state, and render_to_write in favor of the new render_captured / render_captured_to / Captured API.

2.17.1

• Re-release of 2.17.0 to fix release automation.
• Switched npm publishing to trusted publishing (OIDC/provenance) and removed token-based auth from CI.
• Prevented duplicate crates.io publish attempts by skipping slash-prefixed tags in crates publishing.

2.17.0

• Added 'c' (character) format type support for format filters and str.format-style formatting. #868
• Added prebuilt minijinja-cli release targets for aarch64-pc-windows-msvc (Windows ARM64) and armv7-unknown-linux-gnueabihf.
• Fixed strict and semi-strict undefined handling so string-coercing filter/function arguments also fail for nested Rest<String> and Vec<String> conversions. #877
• Fixed Python CI/build compatibility with newer maturin by moving stripping from global config to release wheel build arguments.

2.16.0

• Added musllinux wheel builds for Python release artifacts.
• Fixed |escape to honor custom formatters. #861
• Aligned undefined behavior handling in the Go port with Rust.
• Removed non-Rust keys and values filters from the Go port for parity. #863

Commits

• f15dc1e chore(release): 2.19.0
• e04d276 fix(undefined): align strict undefined behavior with Jinja2
• 92f114d release 2.18.0
• 80d30a7 refactor(vendor): prune unused self_cell API surface
• 50ce37a fix: typos
• 24891e1 feat(filters): add kwargs support to indent filter for Jinja2 parity
• 4cca670 refactor: deprecate render_to_write in favor of render_captured_to
• ac88f8e fix: correct typo render_capturedd_to -> render_captured_to
• 710137b chore: remove dead_code allow and unused MutBorrow from vendored self_cell
• 39d00e6 feat: Added new capture methods for state
• Additional commits viewable in compare view

Updates tantivy from 0.25.0 to 0.26.1

Changelog

Sourced from tantivy's changelog.

Tantivy 0.26.1

Performance

• Fix quadratic runtime in nested term and composite aggregations: memory accounting scanned all parent buckets on every collect instead of just the current parent (@​PSeitz @​fulmicoton)

Tantivy 0.26 (Unreleased)

Bugfixes

• Align float query coercion during search with the columnar coercion rules #2692(@​fulmicoton)
• Fix lenient elastic range queries with trailing closing parentheses #2816(@​evance-br)
• Fix intersection seek() advancing below current doc id #2812(@​fulmicoton)
• Fix phrase query prefixed with * #2751(@​Darkheir)
• Fix vint buffer overflow during index creation #2778(@​rebasedming)
• Fix integer overflow in ExpUnrolledLinkedList for large datasets #2735(@​mdashti)
• Fix integer overflow in segment sorting and merge policy truncation #2846(@​anaslimem)
• Fix merging of intermediate aggregation results #2719(@​PSeitz)
• Fix deduplicate doc counts in term aggregation for multi-valued fields #2854(@​nuri-yoo)

Features/Improvements

• Aggregation
  • Add filter aggregation #2711(@​mdashti)
  • Add include/exclude filtering for term aggregations #2717(@​PSeitz)
  • Add public accessors for intermediate aggregation results #2829(@​congx4)
  • Replace HyperLogLog++ with Apache DataSketches HLL for cardinality aggregation #2837 #2842(@​congx4)
  • Add composite aggregation #2856(@​fulmicoton)
• Fast Fields
  • Add fast field fallback for TermQuery when the field is not indexed #2693(@​PSeitz-dd)
  • Add fast field support for Bytes values #2830(@​mdashti)
• Query Parser
  • Add support for regexes in the query grammar #2677 #2818(@​Darkheir)
  • Deduplicate queries in query parser #2698(@​PSeitz-dd)
• Add erased SortKeyComputer for sorting on column types unknown until runtime #2770 #2790(@​stuhood @​PSeitz)
• Add natural-order-with-none-highest support in TopDocs::order_by #2780(@​stuhood)
• Move stemming behing stemmer feature flag #2791(@​fulmicoton)
• Make DeleteMeta, AddOperation, advance_deletes, with_max_doc, serializer module, and delete_queue public #2762 #2765 #2766 #2835(@​philippemnoel @​PSeitz)
• Make Language hashable #2763(@​philippemnoel)
• Improve space_usage reporting for JSON fields and columnar data #2761(@​PSeitz-dd)
• Split Term into Term and IndexingTerm #2744 #2750(@​PSeitz-dd @​PSeitz)

Performance

• Aggregation
  • Large speed up and memory reduction for nested high cardinality aggregations by using one collector per request instead of one per bucket, and adding PagedTermMap for faster medium cardinality term aggregations #2715 #2759(@​PSeitz @​PSeitz-dd)
  • Optimize low-cardinality term aggregations by using a Vec instead of a HashMap #2740(@​fulmicoton-dd)
• Optimize ExistsQuery for a high number of dynamic columns #2694(@​PSeitz-dd)
• Add lazy scorers to stop score evaluation early when a doc won't reach the top-K threshold #2726 #2777(@​fulmicoton @​stuhood)
• Add DocSet::cost() and use it to order scorers in intersections #2707(@​PSeitz)
• Add collect_block support for collector wrappers #2727(@​stuhood)
• Optimize saturated posting lists by replacing them with AllScorer in boolean queries #2745 #2760 #2774(@​fulmicoton @​mdashti @​trinity-1686a)

... (truncated)

Commits

• See full diff in compare view

Updates scraper from 0.25.0 to 0.26.0

Release notes

Sourced from scraper's releases.

v0.26.0

What's Changed

• fix dom manipulation example by @​JayceFayne in rust-scraper/scraper#292
• Bump selectors from 0.33.0 to 0.35.0 by @​dependabot[bot] in rust-scraper/scraper#298
• Bump indexmap from 2.12.1 to 2.13.0 by @​dependabot[bot] in rust-scraper/scraper#294
• Upgrade ego-tree to 0.11.0 and html5ever to 0.37.1 by @​cfvescovo in rust-scraper/scraper#300
• Bump html5ever from 0.37.1 to 0.38.0 by @​mohe2015 in rust-scraper/scraper#303
• Bump selectors from 0.35.0 to 0.36.0 by @​dependabot[bot] in rust-scraper/scraper#307
• Bump html5ever from 0.38.0 to 0.39.0 by @​dependabot[bot] in rust-scraper/scraper#308
• Version 0.26.0 by @​adamreichold in rust-scraper/scraper#306

New Contributors

• @​JayceFayne made their first contribution in rust-scraper/scraper#292

Full Changelog: rust-scraper/scraper@v0.25.0...v0.26.0

Commits

• 170cdd3 Merge pull request #306 from rust-scraper/bump
• bca1839 Bump html5ever from 0.38.0 to 0.39.0
• d07444e Bump selectors from 0.35.0 to 0.36.0 (#307)
• 637a8d3 Version 0.26.0
• f3132d9 Bump html5ever from 0.37.1 to 0.38.0
• ff2ea51 cargo fmt
• 7d14577 Edition 2024
• 60cd9e7 Merge pull request #300 from rust-scraper/upgrade-ego-tree-html5ever
• ba8f3fc Upgrade ego-tree to 0.11.0 and html5ever to 0.37.1
• a2cfbe4 Bump indexmap from 2.12.1 to 2.13.0
• Additional commits viewable in compare view

Updates tempfile from 3.24.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

3.26.0

• Support NamedTempFile::persist on RedoxOS (#393) (thanks to @​Andy-Python-Programmer).

3.25.0

• Allow getrandom 0.4.x while retaining support for getrandom 0.3.x.

Commits

• 5c8fa12 chore: release 3.27.0
• e34e574 test: disable uds conflict test on redox
• 772c795 test: add CWD guards
• 2632fb9 fix: resolve relative paths when constructing TempPath
• 929a112 chore: release 3.26.0
• 29d6ac5 Add Redox OS CI (#394)
• 375067f doc(README): document supported platforms
• d353717 feat(redox): implement persist() (#393)
• 64114d7 Fix typos in documentation (#392)
• 9a38b8d chore: release 3.25.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.