chore(deps): bump the production-dependencies group with 6 updates by dependabot[bot] · Pull Request #230 · developmentseed/cql2-rs

dependabot · 2026-05-25T05:36:04Z

Bumps the production-dependencies group with 6 updates:

Package	From	To
geojson	`0.24.2`	`1.0.0`
geozero	`0.14.0`	`0.15.1`
jiff	`0.2.24`	`0.2.25`
serde_json	`1.0.149`	`1.0.150`
sqlparser	`0.58.0`	`0.62.0`
duckdb	`1.10502.0`	`1.10503.1`

Updates geojson from 0.24.2 to 1.0.0

Changelog

Sourced from geojson's changelog.

v1.0.0 - 2025-03-16
BREAKING: Position is now a struct, rather than a type alias for Vec. The new struct uses the tinyvec crate, which allows for faster GeoJSON processing in the common (2-D) case by avoiding per-coordinate heap allocations.
// BEFORE: Position *was* a Vec. A Vec is always allocated on the heap, which is slow.
let position: Position = vec![1.0, 2.0];
let x = position[0];
// AFTER: Position is its own type, buildable from a Vec.
let position: Position = vec![1.0, 2.0].into();
// index access is unchanged
let x = position[0];
// Alternatively, you can now construct from an Array, avoiding the Vec's heap allocation.
let position: Position = [1.0, 2.0].into();
// equivalently:
let position = Position::from([1.0, 2.0]);
// You can still build 3D+ Positions. These higher dimension coordinates will use Heap storage.
let position = Position::from([1.0, 2.0, 3.0]);
let position = Position::from(vec![1.0, 2.0, 3.0, 4.0, 5.0, 6.0]);
See georust/geojson#222
Substantially speed up parsing (Benches show 30% reduction). This was essentially a rewrite of our deserialization logic. Instead of going from input -> serde_json::JsonObject -> geojson types we now go directly from input -> geojson types.

Deserialization errors now include line number and column position. Before:

Encountered neither number type nor string type for 'id' field on 'feature' object: {} After: Error while deserializing GeoJSON: Feature 'id' must be a string or a number at line 3 column 11

BREAKING: geojson::Error has had many cases removed and some new cases added, reflecting the deserialization rewrite.

BREAKING: TryInto/From implementations for serde_json::Value and serde_json::Object have been removed now that they are not used for deserialization.

type is now the first field when serializing GeoJSON objects.

Since feature.id is optional, we now accept "id: null", whereas previously you were required to omit the id key. Now either is acceptable.

Fix: Return [] instead of [[]] for POLYGON EMPTY.

See georust/geojson#262

Potentially breaking: De/Serializing your custom structs with serde now maps your struct's id field to Feature.id, rather than to Feature.properties.id.

Fix geo_rect_conversion_test to conform to the correctly-wound Polygon output from geo_types::geometry::Rect.to_polygon

... (truncated)

Commits

f6eafed prepare for 1.0.0 release
8c12816 prepare for 0.25.0 release
c64043f simpler docs
fa96c26 update to rust 2024 (#273)
3c362b4 Additional ergonomic constructors (for Geometry and FeatureCollection) (#271)
f5fffd0 Remove methods related to json to/from now that we ser/de directly (#270)
de445d9 Speed up parsing by deserializing directly to geojson (without intermediate s...
a7870db Move code around - no new functionality (#268)
37ea3c9 Merge branch 'mkirk/derive-serialization-3'
67c07a1 derive Serialization rather than manual impls
Additional commits viewable in compare view

Updates geozero from 0.14.0 to 0.15.1

Commits

See full diff in compare view

Updates jiff from 0.2.24 to 0.2.25

Changelog

Sourced from jiff's changelog.

0.2.25 (2026-05-24)

This release updates Jiff's bundled copy of the [IANA Time Zone Database] to 2026b. See the 2026b release announcement for more details.

Commits

See full diff in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

Reject non-string enum object keys (#1324, thanks @puneetdixit200)

Commits

a1ae73a Release 1.0.150
1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
2037b63 Reject non-string enum object keys
5d30df6 Resolve manual_assert_eq pedantic clippy lint
dc8003a Raise required compiler for preserve_order feature to 1.85
a42fa98 Unpin CI miri toolchain
684a60e Pin CI miri to nightly-2026-02-11
7c7da33 Raise required compiler to Rust 1.71
acf4850 Simplify Number::is_f64
6b8ceab Resolve unnecessary_map_or clippy lint
Additional commits viewable in compare view

Updates sqlparser from 0.58.0 to 0.62.0

Commits

3dd0e30 chore: Bump version to 0.62.0 and add changelog (#2331)
9833c03 feat(clickhouse): support PARTITION BY after ORDER BY and ARRAY JOIN (#2283)
9550e93 Add Teradata dialect (#2309)
7eba3ca PostgreSQL: Parse optimizer hints in leading comments (#2320)
fa1dae1 Snowflake: Add support for text data type modifiers (#2297)
63e9a33 Redshift: PartiQL AT <index> (#2303)
19a7468 Track Parens\<T>'s span (#2291)
9a70c42 PostgreSQL: Add support for LATERAL ... WITH ORDINALITY (#2304)
53dcc82 Spark SQL: Add SparkSqlDialect (#2305)
9f04ebe Coding agents guidelines (#2298)
Additional commits viewable in compare view

Updates duckdb from 1.10502.0 to 1.10503.1

Release notes

Sourced from duckdb's releases.

v1.10503.1

What's Changed

Avoid Windows mtime restore in bundled builds by @mlafeldt in duckdb/duckdb-rs#766

Add patch-release mode to upgrade script by @mlafeldt in duckdb/duckdb-rs#767

Crate patch release v1.10503.1 by @mlafeldt in duckdb/duckdb-rs#768

Full Changelog: duckdb/duckdb-rs@v1.10503.0...v1.10503.1

v1.10503.0

Highlights

New ergonomic named parameter binding: named_params! macro, &[(&str, &dyn ToSql)] slices, and a generic HashMap Params impl.

New build env vars: DUCKDB_DISABLE_EXTENSION_LOAD=1 disables extension install/load, and DUCKDB_DISABLE_JEMALLOC=1 opts bundled-cmake builds out of jemalloc (now re-enabled by default on supported targets).

FFI soundness: typed vector slice/set_child APIs are now unsafe; DuckDB-owned C strings use RAII; binding unsupported Value variants errors instead of panicking.

ArrowVTab view rebinds no longer dereference freed Arrow FFI memory.

vtab::Value gains typed primitive getters and to_list() -> Option<Vec<Value>>.

Bundled DuckDB upgraded to v1.5.3 (adds VARIANT metadata).

What's Changed

Fix unsound vector slice API by @mlafeldt in duckdb/duckdb-rs#745

Refine vtab::Value API from #676 by @mlafeldt in duckdb/duckdb-rs#747

Build out vtab::Value to enable more diverse parameters to Table Functions by @marksomething in duckdb/duckdb-rs#676

Bump rustls-webpki from 0.103.11 to 0.103.13 by @dependabot[bot] in duckdb/duckdb-rs#744

Add ergonomic named parameter binding by @mlafeldt in duckdb/duckdb-rs#748

Implement Params for HashMap and serde_json::Value by @ryanschneider in duckdb/duckdb-rs#615

Harden DuckDB-owned string handling at FFI boundaries by @mlafeldt in duckdb/duckdb-rs#750

Update Rust to 1.95 by @mlafeldt in duckdb/duckdb-rs#751

Stop panicking when binding/appending unsupported Value variants by @mlafeldt in duckdb/duckdb-rs#749

Fix ArrowVTab view rebind lifetime by @mlafeldt in duckdb/duckdb-rs#754

Retain ArrowVTab batches for sanitizer visibility by @mlafeldt in duckdb/duckdb-rs#755

Pass Rust edition to rust.vim for proper formatting by @mlafeldt in duckdb/duckdb-rs#756

Make DuckDB source archive reproducible by @mlafeldt in duckdb/duckdb-rs#759

Change LogicalTypeHandle::set_alias to take &mut self by @vergenzt in duckdb/duckdb-rs#758

libduckdb-sys: expose DEP_DUCKDB_INCLUDE for downstream C/C++ shims by @frhack in duckdb/duckdb-rs#753

Update DuckDB to v1.5.3 by @mlafeldt in duckdb/duckdb-rs#760

Allow to disable extension install/load support by @mlafeldt in duckdb/duckdb-rs#738

Use improved upstream extension loader by @mlafeldt in duckdb/duckdb-rs#746

Stop disabling jemalloc in bundled-cmake builds by @mlafeldt in duckdb/duckdb-rs#762

Add bundled-cmake jemalloc escape hatch by @mlafeldt in duckdb/duckdb-rs#763

New Contributors

@marksomething made their first contribution in duckdb/duckdb-rs#676

@ryanschneider made their first contribution in duckdb/duckdb-rs#615

@vergenzt made their first contribution in duckdb/duckdb-rs#758

@frhack made their first contribution in duckdb/duckdb-rs#753

Full Changelog: duckdb/duckdb-rs@v1.10502.0...v1.10503.0

Commits

3191caa Crate patch release v1.10503.1 (#768)
c67fcab Tighten bundled-cmake docs
b274f16 Crate patch release v1.10503.1
22bf6ce Add patch-release mode to upgrade script (#767)
e5c6785 Harden upgrade script validation
7e5749f Document patch-compatible version requirements
310fb00 Add patch-release mode to upgrade script
2f11774 Avoid Windows mtime restore in bundled builds (#766)
ee8c88c Avoid Windows mtime restore in bundled builds
1d999dd Add bundled-cmake jemalloc escape hatch (#763)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group with 6 updates: | Package | From | To | | --- | --- | --- | | [geojson](https://github.com/georust/geojson) | `0.24.2` | `1.0.0` | | [geozero](https://github.com/georust/geozero) | `0.14.0` | `0.15.1` | | [jiff](https://github.com/BurntSushi/jiff) | `0.2.24` | `0.2.25` | | [serde_json](https://github.com/serde-rs/json) | `1.0.149` | `1.0.150` | | [sqlparser](https://github.com/apache/datafusion-sqlparser-rs) | `0.58.0` | `0.62.0` | | [duckdb](https://github.com/duckdb/duckdb-rs) | `1.10502.0` | `1.10503.1` | Updates `geojson` from 0.24.2 to 1.0.0 - [Changelog](https://github.com/georust/geojson/blob/main/CHANGES.md) - [Commits](georust/geojson@0.24.2...v1.0.0) Updates `geozero` from 0.14.0 to 0.15.1 - [Commits](https://github.com/georust/geozero/commits) Updates `jiff` from 0.2.24 to 0.2.25 - [Release notes](https://github.com/BurntSushi/jiff/releases) - [Changelog](https://github.com/BurntSushi/jiff/blob/master/CHANGELOG.md) - [Commits](https://github.com/BurntSushi/jiff/commits) Updates `serde_json` from 1.0.149 to 1.0.150 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.149...v1.0.150) Updates `sqlparser` from 0.58.0 to 0.62.0 - [Changelog](https://github.com/apache/datafusion-sqlparser-rs/blob/main/CHANGELOG.md) - [Commits](apache/datafusion-sqlparser-rs@v0.58.0...v0.62.0) Updates `duckdb` from 1.10502.0 to 1.10503.1 - [Release notes](https://github.com/duckdb/duckdb-rs/releases) - [Commits](duckdb/duckdb-rs@v1.10502.0...v1.10503.1) --- updated-dependencies: - dependency-name: geojson dependency-version: 1.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: geozero dependency-version: 0.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: jiff dependency-version: 0.2.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: serde_json dependency-version: 1.0.150 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: sqlparser dependency-version: 0.62.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: duckdb dependency-version: 1.10503.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the production-dependencies group with 6 updates#230

chore(deps): bump the production-dependencies group with 6 updates#230
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/production-dependencies-71a6aa8c34

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 25, 2026

v1.0.0 - 2025-03-16

0.2.25 (2026-05-24)

v1.0.150

v1.10503.1

What's Changed

v1.10503.0

Highlights

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants