build(deps): bump the rust-dependencies group across 5 directories with 6 updates

[dependabot]

Bumps the rust-dependencies group with 5 updates in the / directory:

Package	From	To
semver	1.0.27	1.0.28
jsonschema	0.45.0	0.45.1
indexmap	2.13.0	2.13.1
toml_edit	0.25.10+spec-1.1.0	0.25.11+spec-1.1.0
zip	8.5.0	8.5.1

Bumps the rust-dependencies group with 3 updates in the /bindings/ffi directory: semver, jsonschema and indexmap.
Bumps the rust-dependencies group with 3 updates in the /bindings/java directory: semver, jsonschema and indexmap.
Bumps the rust-dependencies group with 4 updates in the /bindings/python directory: semver, jsonschema, indexmap and pyo3.
Bumps the rust-dependencies group with 3 updates in the /bindings/wasm directory: semver, jsonschema and indexmap.

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates jsonschema from 0.45.0 to 0.45.1

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Ruby] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Rust] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Changelog

Sourced from jsonschema's changelog.

[0.45.1] - 2026-04-06

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Commits

• fb45aed chore(ruby): Release 0.45.1
• 6908cfb build: Fix ruby release
• 2dc7fb0 chore(python): Release 0.45.1
• 2ef12bd chore(rust): Release 0.45.1
• b3f43c2 build(deps): update serde-saphyr requirement from 0.0.22 to 0.0.23
• 97b0870 build(deps): bump crates/jsonschema/tests/suite
• 357352e test: Disable doctest with HTTP request
• b58f2be docs: Update changelogs
• 9265f70 fix: support negative multiples (#1089)
• 8acb9de build(deps): bump crates/jsonschema-referencing/tests/suite
• Additional commits viewable in compare view

Updates indexmap from 2.13.0 to 2.13.1

Changelog

Sourced from indexmap's changelog.

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• 0b2adfe Merge pull request #434 from cuviper/const-slice
• afa3caf Release 2.13.1
• 906a7ce Make Slice::{first,last,split_*} methods const
• See full diff in compare view

Updates toml_edit from 0.25.10+spec-1.1.0 to 0.25.11+spec-1.1.0

Commits

• 45456ab chore: Release
• b100851 docs: Update changelog
• 165302f fix(edit): Preserve outer spans for malformed containers (#1141)
• 1b0bd02 fix(edit): Preserve outer spans for malformed arrays
• 9eb4dab test(parse): Cover malformed array parse error
• 57ea4b4 fix(edit): Preserve outer spans for malformed inline tables
• 92e8001 test(parse): Cover malformed inline table parse error
• 36e558e docs: Fix spelling mistake
• See full diff in compare view

Updates zip from 8.5.0 to 8.5.1

Release notes

Sourced from zip's releases.

v8.5.1

🚜 Refactor

• change magic finder to stack buffer (#763)
• simplify extra field parsing (#764)

Changelog

Sourced from zip's changelog.

8.5.1 - 2026-04-06

🚜 Refactor

• change magic finder to stack buffer (#763)
• simplify extra field parsing (#764)

Commits

• 5c0a0a2 chore: release v8.5.1 (#766)
• e1fc904 ci(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#769)
• ef6392d refactor: change magic finder to stack buffer (#763)
• f6c64ff refactor: simplify extra field parsing (#764)
• See full diff in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates jsonschema from 0.45.0 to 0.45.1

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Ruby] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Rust] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Changelog

Sourced from jsonschema's changelog.

[0.45.1] - 2026-04-06

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Commits

• fb45aed chore(ruby): Release 0.45.1
• 6908cfb build: Fix ruby release
• 2dc7fb0 chore(python): Release 0.45.1
• 2ef12bd chore(rust): Release 0.45.1
• b3f43c2 build(deps): update serde-saphyr requirement from 0.0.22 to 0.0.23
• 97b0870 build(deps): bump crates/jsonschema/tests/suite
• 357352e test: Disable doctest with HTTP request
• b58f2be docs: Update changelogs
• 9265f70 fix: support negative multiples (#1089)
• 8acb9de build(deps): bump crates/jsonschema-referencing/tests/suite
• Additional commits viewable in compare view

Updates indexmap from 2.13.0 to 2.13.1

Changelog

Sourced from indexmap's changelog.

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• 0b2adfe Merge pull request #434 from cuviper/const-slice
• afa3caf Release 2.13.1
• 906a7ce Make Slice::{first,last,split_*} methods const
• See full diff in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates jsonschema from 0.45.0 to 0.45.1

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Ruby] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Rust] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Changelog

Sourced from jsonschema's changelog.

[0.45.1] - 2026-04-06

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Commits

• fb45aed chore(ruby): Release 0.45.1
• 6908cfb build: Fix ruby release
• 2dc7fb0 chore(python): Release 0.45.1
• 2ef12bd chore(rust): Release 0.45.1
• b3f43c2 build(deps): update serde-saphyr requirement from 0.0.22 to 0.0.23
• 97b0870 build(deps): bump crates/jsonschema/tests/suite
• 357352e test: Disable doctest with HTTP request
• b58f2be docs: Update changelogs
• 9265f70 fix: support negative multiples (#1089)
• 8acb9de build(deps): bump crates/jsonschema-referencing/tests/suite
• Additional commits viewable in compare view

Updates indexmap from 2.13.0 to 2.13.1

Changelog

Sourced from indexmap's changelog.

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• 0b2adfe Merge pull request #434 from cuviper/const-slice
• afa3caf Release 2.13.1
• 906a7ce Make Slice::{first,last,split_*} methods const
• See full diff in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates jsonschema from 0.45.0 to 0.45.1

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Ruby] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Rust] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Changelog

Sourced from jsonschema's changelog.

[0.45.1] - 2026-04-06

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Commits

• fb45aed chore(ruby): Release 0.45.1
• 6908cfb build: Fix ruby release
• 2dc7fb0 chore(python): Release 0.45.1
• 2ef12bd chore(rust): Release 0.45.1
• b3f43c2 build(deps): update serde-saphyr requirement from 0.0.22 to 0.0.23
• 97b0870 build(deps): bump crates/jsonschema/tests/suite
• 357352e test: Disable doctest with HTTP request
• b58f2be docs: Update changelogs
• 9265f70 fix: support negative multiples (#1089)
• 8acb9de build(deps): bump crates/jsonschema-referencing/tests/suite
• Additional commits viewable in compare view

Updates indexmap from 2.13.0 to 2.13.1

Changelog

Sourced from indexmap's changelog.

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• 0b2adfe Merge pull request #434 from cuviper/const-slice
• afa3caf Release 2.13.1
• 906a7ce Make Slice::{first,last,split_*} methods const
• See full diff in compare view

Updates pyo3 from 0.28.2 to 0.28.3

Release notes

Sourced from pyo3's releases.

PyO3 0.28.3

This patch contains several fixes for stability of the PyO3 0.28.x series:

• Python::attach and Python::try_attach will no longer return before the thread initializing the interpreter has finished runnning site.py when using the auto-initialize feature.
• Fix unsoundness in PyBytesWriter::write_vectored when targeting the Python 3.15 prerelease interpreter.
• Fix possible deadlock in .into_pyobject() implementation for C-like #[pyclass] enums.

A couple of edge cases causing compile failures were also fixed.

Thank you to the following contributors for the improvements:

@​alex @​bschoenmaeckers @​chirizxc @​davidhewitt @​Embers-of-the-Fire @​Icxolu @​maurosilber @​ngoldbaum

Changelog

Sourced from pyo3's changelog.

[0.28.3] - 2026-04-02

Fixed

• Fix compile error with #[pyclass(get_all)] on a type named Probe. #5837
• Fix compile error in debug builds related to _Py_NegativeRefcount with Python < 3.12. #5847
• Fix a race condition where Python::attach or try_attach could return before site.py had finished running. #5903
• Fix unsoundness in PyBytesWriter::write_vectored with Python 3.15 prerelease versions. #5907
• Fix deadlock in .into_pyobject() implementation for C-like #[pyclass] enums. #5928

Commits

• 743af64 release: 0.28.3
• 2042b4c fix deadlock when initializing enum via into_pyobject() (#5928)
• 0157247 ci: update UI tests for Rust 1.94 (#5859)
• e234f8a Update getting-started.md (#5899)
• c06848d fix ffi-check in 3.15.0a7 (#5873)
• 83f4283 remove unused try_trait_v2 feature when enabling the nightly feature (#5868)
• 0de57ed Fix unsoundness in PyBytesWriter::write_vectored (#5907)
• 49cd13f fixes #5900 -- address race condition with initialization and site.py loading...
• c90d163 [fix] Fix std::ffi import for _Py_NegativeRefcount (#5847)
• b79d725 fix(pyo3-macros): allow pyclass named Probe (#5837)
• See full diff in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates jsonschema from 0.45.0 to 0.45.1

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Ruby] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[Rust] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Changelog

Sourced from jsonschema's changelog.

[0.45.1] - 2026-04-06

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

Commits

• fb45aed chore(ruby): Release 0.45.1
• 6908cfb build: Fix ruby release
• 2dc7fb0 chore(python): Release 0.45.1
• 2ef12bd chore(rust): Release 0.45.1
• b3f43c2 build(deps): update serde-saphyr requirement from 0.0.22 to 0.0.23
• 97b0870 build(deps): bump crates/jsonschema/tests/suite
• 357352e test: Disable doctest with HTTP request
• b58f2be docs: Update changelogs
• 9265f70 fix: support negative multiples (#1089)
• 8acb9de build(deps): bump crates/jsonschema-referencing/tests/suite
• Additional commits viewable in compare view

Updates indexmap from 2.13.0 to 2.13.1

Changelog

Sourced from indexmap's changelog.

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• 0b2adfe Merge pull request #434 from cuviper/const-slice
• afa3caf Release 2.13.1
• 906a7ce Make Slice::{first,last,split_*} methods const
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Pull request overview

Updates Rust dependency versions across the main workspace and several language binding crates by refreshing manifests/lockfiles to pick up the latest patch/minor releases.

Changes:

• Bump semver, jsonschema, and indexmap versions used by the workspace (and refresh lockfiles accordingly).
• Refresh lockfiles to pick up newer patch versions of transitive deps like toml_edit and zip.
• Bump pyo3 for the Python bindings to 0.28.3 and update the Python binding lockfile.

Reviewed changes

Copilot reviewed 2 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
Cargo.toml	Updates workspace dependency requirements for semver, jsonschema, indexmap.
Cargo.lock	Refreshes resolved versions/checksums for updated dependencies (semver, jsonschema, indexmap, toml_edit, zip, etc.).
bindings/ffi/Cargo.lock	Updates resolved versions/checksums for the FFI binding dependency set.
bindings/java/Cargo.lock	Updates resolved versions/checksums for the Java binding dependency set.
bindings/python/Cargo.toml	Bumps pyo3 to 0.28.3.
bindings/python/Cargo.lock	Refreshes resolved versions/checksums including pyo3 and shared deps (semver, jsonschema, indexmap).
bindings/ruby/Cargo.lock	Updates resolved versions/checksums for the Ruby binding dependency set.
bindings/wasm/Cargo.lock	Updates resolved versions/checksums for the WASM binding dependency set.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.