build(deps): bump the prod-cargo-minor-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the prod-cargo-minor-dependencies group with 8 updates in the / directory:

Package	From	To
duckdb	1.4.4	1.10501.0
chrono	0.4.43	0.4.44
indexmap	2.13.0	2.14.0
libc	0.2.183	0.2.185
pulldown-cmark	0.13.0	0.13.3
rustls	0.23.37	0.23.38
semver	1.0.27	1.0.28
tokio-postgres	0.7.16	0.7.17

Updates duckdb from 1.4.4 to 1.10501.0

Release notes

Sourced from duckdb's releases.

v1.10501.0

Highlights

• New profiling metrics API: collect query profiling data (timing, row counts, operator tree) via Connection.
• Removed deprecated arrow2 exposure: step2() is gone. Use query_polars() for Polars DataFrames or step() for raw arrow-rs access. Breaking change.
• duckdb_entrypoint_c_api macro now suppresses the clippy::missing_safety_doc lint automatically.
• Upgraded to Arrow 58 and bundled DuckDB v1.5.1.

What's Changed

• duckdb_entrypoint_c_api: suppress missing_safety_doc lint by @​mlafeldt in duckdb/duckdb-rs#704
• Clarify MSRV policy under new versioning by @​mlafeldt in duckdb/duckdb-rs#705
• Update deps for development by @​mlafeldt in duckdb/duckdb-rs#706
• Add support for collecting profiling metrics by @​Maxxen in duckdb/duckdb-rs#707
• Profiling metrics follow-up by @​Maxxen in duckdb/duckdb-rs#712
• chore: update to arrow v58 by @​gadomski in duckdb/duckdb-rs#702
• Remove direct arrow2 exposure by @​mlafeldt in duckdb/duckdb-rs#698
• Adapt upgrade.sh scripts to new versioning by @​mlafeldt in duckdb/duckdb-rs#717
• Update DuckDB to v1.5.1 by @​mlafeldt in duckdb/duckdb-rs#718

New Contributors

• @​gadomski made their first contribution in duckdb/duckdb-rs#702

Full Changelog: duckdb/duckdb-rs@v1.10500.0...v1.10501.0

v1.10500.0

[!WARNING] New crate versioning scheme. Crate versions now encode the DuckDB version in their second semver component (1.MAJOR_MINOR_PATCH.x), allowing patch releases independent of DuckDB. For example, DuckDB v1.5.0 maps to crate version 1.10500.x.

Highlights

• Full rust_decimal::Decimal support: FromSql, ToSql, and Appender binding for decimal values.
• Params implemented for tuples (up to arity 16), enabling conn.execute("...", (a, b, c)) syntax.
• ENUM columns now support FromSql<String> directly.
• Date32 and Time64 can now be bound in prepared statements.
• Loadable extensions need only a single duckdb crate dependency; eliminated .unwrap() panic paths in duckdb_entrypoint_c_api macro.
• Fix: cloned database handles now keep the original db handle alive (fixes #312).
• Fix: chrono datetime writes normalized to UTC.
• Upgraded to Rust edition 2024, Arrow 57, and bundled DuckDB v1.5.0.

What's Changed

• Allow to write extension using a single crate dependency by @​mlafeldt in duckdb/duckdb-rs#674
• Update authors to include DuckDB Labs and contributors by @​mlafeldt in duckdb/duckdb-rs#675
• Upgrade to arrow 57 by @​mjgarton in duckdb/duckdb-rs#631
• Bump bytes from 1.11.0 to 1.11.1 by @​dependabot[bot] in duckdb/duckdb-rs#677
• Fix: keep db handle alive for clones by @​mlafeldt in duckdb/duckdb-rs#678
• Simplify ASan CI job by @​mlafeldt in duckdb/duckdb-rs#685
• Allow binding Date32 and Time64 by @​ultrabear in duckdb/duckdb-rs#682
• Rust 2024 by @​mlafeldt in duckdb/duckdb-rs#686
• Remove stale copyright years from README by @​mlafeldt in duckdb/duckdb-rs#688
• Verify MSRV in CI by @​mlafeldt in duckdb/duckdb-rs#687
• Implement Params for tuples by @​mlafeldt in duckdb/duckdb-rs#689
• Fix MSRV CI: disable cargo bin caching by @​mlafeldt in duckdb/duckdb-rs#690

... (truncated)

Commits

• a0ada45 Update DuckDB to v1.5.1 (#718)
• 906a18c Update DuckDB to v1.5.1
• 0891c29 Adapt upgrade.sh scripts to new versioning (#717)
• 54a22f4 Adapt upgrade.sh scripts to new versioning
• bcadfeb Remove direct arrow2 exposure (#698)
• 25c9461 cargo fmt
• 7e90b33 Clean up polars step_polars internals
• fd67021 Narrow ComputeError catch to only match empty-array case
• 71b3887 Remove direct arrow2 exposure
• bb3086a chore: update to arrow v58 (#702)
• Additional commits viewable in compare view

Updates chrono from 0.4.43 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• See full diff in compare view

Updates indexmap from 2.13.0 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates libc from 0.2.183 to 0.2.185

Release notes

Sourced from libc's releases.

0.2.185

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

0.2.184

MSRV

This release increases the MSRV of libc to 1.65. With this update, you can now always use the core::ffi::c_* types with libc definitions, since libc has been changed to reexport from core rather than redefining them. (This usually worked before but had edge cases.) (#4972)

Added

• BSD: Add IP_MINTTL to bsd (#5026)
• Cygwin: Add TIOCM_DSR (#5031)
• FreeBSD: Added xfile structe and file descriptor types (#5002)
• Linux: Add CAN netlink bindings (#5011)
• Linux: Add struct ethhdr (#4239)
• Linux: Add struct ifinfomsg (#5012)
• Linux: Define max_align_t for riscv64 (#5029)
• NetBSD: Add missing CLOCK_ constants (#5020)
• NuttX: Add _SC_HOST_NAME_MAX (#5004)
• VxWorks: Add flock and F_*LCK constants (#4043)
• WASI: Add all _SC_* sysconf constants (#5023)

Deprecated

The remaining fixed-width integer aliases, __uint128_t, __uint128, __int128_t, and __int128, have been deprecated. Use i128 and u128 instead. (#4343)

Fixed

• breaking Redox: Fix signal action constant types (#5009)
• EspIDF: Correct the value of DT_* constants (#5034)
• Redox: Fix locale values and add RTLD_NOLOAD, some TCP constants (#5025)
• Various: Use Padding::new(<zeroed>) rather than Padding::uninit() (#5036)

Changed

• potentially breaking Linux: Add new fields to struct ptrace_syscall_info (#4966)

... (truncated)

Changelog

Sourced from libc's changelog.

0.2.185 - 2026-04-13

Added

• EspIDF: Add espidf_picolibc cfg for picolibc O_* flag values (#5035)
• Hexagon: add missing constants and fix types for linux-musl (#5042)
• Redox: Add semaphore functions (#5051)
• Windows: Add sprintf, snprintf, and the scanf family (#5024)

Fixed

• Hexagon: Decouple time64 types from musl symbol redirects (#5040)
• Horizon: Change POLL constants from c_short to c_int (#5045)

0.2.184 - 2026-04-01

MSRV

This release increases the MSRV of libc to 1.65. With this update, you can now always use the core::ffi::c_* types with libc definitions, since libc has been changed to reexport from core rather than redefining them. (This usually worked before but had edge cases.) (#4972)

Added

• BSD: Add IP_MINTTL to bsd (#5026)
• Cygwin: Add TIOCM_DSR (#5031)
• FreeBSD: Added xfile structe and file descriptor types (#5002)
• Linux: Add CAN netlink bindings (#5011)
• Linux: Add struct ethhdr (#4239)
• Linux: Add struct ifinfomsg (#5012)
• Linux: Define max_align_t for riscv64 (#5029)
• NetBSD: Add missing CLOCK_ constants (#5020)
• NuttX: Add _SC_HOST_NAME_MAX (#5004)
• VxWorks: Add flock and F_*LCK constants (#4043)
• WASI: Add all _SC_* sysconf constants (#5023)

Deprecated

The remaining fixed-width integer aliases, __uint128_t, __uint128, __int128_t, and __int128, have been deprecated. Use i128 and u128 instead. (#4343)

Fixed

• breaking Redox: Fix signal action constant types (#5009)
• EspIDF: Correct the value of DT_* constants (#5034)
• Redox: Fix locale values and add RTLD_NOLOAD, some TCP constants (#5025)
• Various: Use Padding::new(<zeroed>) rather than Padding::uninit() (#5036)

... (truncated)

Commits

• 71d5bfc libc: Release 0.2.185
• 1027d1c Revert "ci: Pin nightly to 2026-04-01"
• 0e9c6e5 redox: Add semaphore functions
• 24ef457 feat: add back support for gnu windows x86 in ci
• aa75caf horizon: Change POLL constants from c_short to c_int
• b7eda5a hexagon: add missing constants and fix types for linux-musl
• d4613f9 newlib/espidf: Add espidf_picolibc cfg for picolibc O_* flag values
• c89fd76 Fix typo in Padding comments
• b3264b2 hexagon: decouple time64 types from musl symbol redirects
• db1ebee ci: Pin nightly to 2026-04-01
• Additional commits viewable in compare view

Updates pulldown-cmark from 0.13.0 to 0.13.3

Release notes

Sourced from pulldown-cmark's releases.

0.13.3

Bug Fixes

• Fix Wikilink offset.

Full Changelog: pulldown-cmark/pulldown-cmark@v0.13.2...v0.13.3

0.13.2

Security

• Bump tar to 0.4.45.

Full Changelog: pulldown-cmark/pulldown-cmark@v0.13.1...v0.13.2

0.13.1

Update dependencies.

Full Changelog: pulldown-cmark/pulldown-cmark@v0.13.0...v0.13.1

Commits

• b0e6f65 chore: bump pulldown-cmark version in Cargo.lock
• ed2ee59 chore: bump pulldown-cmark version
• 676afd2 fix: wrong wikilink end-offset
• bad7926 chore: bump pulldown-cmark in Cargo.lock
• f67922d fix: bump tar to 0.4.45 for security purposes
• fe36038 chore: cargo update and bump pulldown-cmark version
• See full diff in compare view

Updates rustls from 0.23.37 to 0.23.38

Commits

• 6b116bc Bump version of rustls
• a1da268 client: allow skipping selected ALPN validation
• 5b3ef11 Fix ambiguous panic! warning
• 0f0fbf5 Fix clippy::result_large_err
• 7e99b52 Update semver-compatible dependencies
• See full diff in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates tokio-postgres from 0.7.16 to 0.7.17

Release notes

Sourced from tokio-postgres's releases.

tokio-postgres v0.7.17

Added

• Added Client::execute_typed method.
• Added Client::query_typed_one and Client::query_typed_opt methods.
• Added GenericClient::execute_typed, GenericClient::query_typed_one, and GenericClient::query_typed_opt methods.
• Added Transaction::execute_typed, Transaction::query_typed_one, and Transaction::query_typed_opt methods.
• Added support for bit-vec 0.9 via the with-bit-vec-0_9 feature.

Changed

• Upgraded rand to 0.10.
• Upgraded to Rust edition 2024, minimum Rust version 1.85.

Commits

• 35a85bd Release tokio-postgres v0.7.17
• 64674ba Release postgres-types v0.2.13
• 40b760d Release postgres-derive v0.4.8
• 6c92298 Release postgres-protocol v0.6.11
• e088d7d style(clippy): fix clippy::useless_conversion
• 19897e8 build(deps): upgrade semver compatible Rust dependencies
• 2584926 build(deps): upgrade RustCrypto dependencies
• 10a7724 chore: add bit-vec v0.9 support
• 2853157 fix: cargo fmt --all
• c8f8993 feat: add rustfmt.toml for opiniated formatting
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[deepsource-io]

DeepSource Code Review

We reviewed changes in 0594766...2e045e6 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
Rust		Apr 13, 2026 12:14p.m.	Review ↗
Shell		Apr 13, 2026 12:14p.m.	Review ↗
JavaScript		Apr 13, 2026 12:14p.m.	Review ↗

---

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.