chore(deps): bump the prod-deps group across 1 directory with 7 updates

[dependabot]

Bumps the prod-deps group with 6 updates in the / directory:

Package	From	To
serde-saphyr	0.0.27	0.0.28
rustls	0.23.40	0.23.41
turso	0.7.0-pre.8	0.7.0-pre.10
rmcp	1.7.0	1.8.0
frankenstein	0.50.0	0.50.1
cron	0.16.0	0.17.0

Updates serde-saphyr from 0.0.27 to 0.0.28

Release notes

Sourced from serde-saphyr's releases.

0.0.28 Property interpolation extensions and even faster builds

Significant extension of property interpolation ( @​CommanderStorm)

• Added support for default property interpolation in plain scalars: ${NAME:-default} now resolves to default when NAME is unset or explicitly empty.
• ${VAR}: Values that must be configured (DB URLs, API keys). An unset var is a misconfiguration, not something to paper over -> a loud error at parse time
• ${VAR-fallback}: Empty value is meaningful and distinct from "not configured". F.ex. PREFIX="" -> "no prefix".
• ${VAR:-fallback}: The "regular" default, so f.ex. ${PORT:-8080}
• ${VAR+text}: F.ex. ${DEBUG+--verbose} emits the flag whenever DEBUG exists in the environment, regardless of value.
• ${VAR:+text}: Same as above, but differentiating empty <-> null

Also

• Fix #120 LastWins not honored when deserializing struct. This was implemented and well tested, but only with maps.
• Reduced owning of comment strings (parsing very heavily commented YAML while discarding comments should be lighter on resources).
• Fixed indentation enforcement (@​CommanderStorm), making sure it also works for multiline scalars.
• Fixed tuple serialization (@​CommanderStorm)
• New SingleQuoted<..> and DoubleQuoted<..> wrappers to emit quoted strings. SingleQuoted may provide additional safety, as control characters will be rejected (with error), rather than written as YAML escape sequences. NullableTilde<T> is like Option and emits tilde ( ~ ) rather than null.

Faster compilation times with serde_core

serde-saphyr now avoids compiling serde_derive by default. The crate core uses serde_core instead that allows building serde-saphyr in parallel with serde_derive. However this also means that we needed to drop the previously built-in (de)serialization support for some serde-saphyr own configuration and reporting types like Options. (De)serialization support for these types can be re-enabled with the new feature serde_derived_types:

serde-saphyr = { version = "...", features = ["serde_derived_types"] }

This does not affect normal use of serde-saphyr for user data, you can still serialize and deserialize your own structs as before.

Commits

• 958bb94 NullableTilde implementation (#148)
• e2453d1 Integrate granit parser 0.0.6 parsing.
• 38f602d Implement DoubleQuoted and SingleQuoted (#146)
• 07fbcf7 Remove redundant #[cfg(test)]
• 3541006 Remaining issue: flow maps still bypass the simple-key limit
• 65d41ca fix: long string keys not roundtripping (#141)
• 2adf2c4 Split serde and make serde-saphyr core to depend on serde-core only. (#144)
• 07708ed fix fmt (#145)
• f2cd59c Implement <Quoted> (#140)
• 1a291ca fix: quoting support not counting trailing whitespace in keys, BOM, .. (#139)
• Additional commits viewable in compare view

Updates rustls from 0.23.40 to 0.23.41

Commits

• 642a103 ci: drop Taplo job
• 752c144 Drop nightly clippy tests
• 8d8611a Fix new clippy::useless-borrows-in-formatting
• ebf3297 Fix new clippy::manual_clear
• 46808e7 ci: sync cargo-check-external-types nightly
• 041a8d2 Cargo deny: allow RUSTSEC-2026-0173
• 62e220e Take semver-compatible dependency updates
• 3c14696 Upgrade to hickory-resolver 0.26
• 848a2cc connect-tests: delete ech.rs
• 5ce9cac Bump version to 0.23.41
• Additional commits viewable in compare view

Updates turso from 0.7.0-pre.8 to 0.7.0-pre.10

Release notes

Sourced from turso's releases.

v0.7.0-pre.10

Install turso_cli 0.7.0-pre.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.10/turso_cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.10/turso_cli-installer.ps1 | iex"

Download turso_cli 0.7.0-pre.10

File	Platform	Checksum
turso_cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
turso_cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
turso_cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
turso_cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
turso_cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo tursodatabase/turso

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

v0.7.0-pre.9

Install turso_cli 0.7.0-pre.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.9/turso_cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.9/turso_cli-installer.ps1 | iex"
</tr></table> 

... (truncated)

Commits

• 1ebe80f Turso 0.7.0-pre.10
• 0795445 Merge 'avoid full range scan for index seek operation' from Nikita Sivukhin
• 478f7fc Merge 'mvcc: add allocator generic to mv store' from Pedro Muniz
• 5606fca add microbenchmark
• c6d182a avoid full range scan for index seek operation
• 9393b89 serverless/javascript: 1.3.0-pre.1
• 515f5fc Merge 'javascript: Return per-statement results from batch()' from Pekka Enberg
• 45e80cf Return per-statement results from batch()
• a92b845 mvcc: parameterize mv store allocator
• 93dddea Turso 0.7.0-pre.9
• Additional commits viewable in compare view

Updates turso_core from 0.7.0-pre.8 to 0.7.0-pre.10

Release notes

Sourced from turso_core's releases.

v0.7.0-pre.10

Install turso_cli 0.7.0-pre.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.10/turso_cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.10/turso_cli-installer.ps1 | iex"

Download turso_cli 0.7.0-pre.10

File	Platform	Checksum
turso_cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
turso_cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
turso_cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
turso_cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
turso_cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo tursodatabase/turso

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

v0.7.0-pre.9

Install turso_cli 0.7.0-pre.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.9/turso_cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/tursodatabase/turso/releases/download/v0.7.0-pre.9/turso_cli-installer.ps1 | iex"
</tr></table> 

... (truncated)

Commits

• 1ebe80f Turso 0.7.0-pre.10
• 0795445 Merge 'avoid full range scan for index seek operation' from Nikita Sivukhin
• 478f7fc Merge 'mvcc: add allocator generic to mv store' from Pedro Muniz
• 5606fca add microbenchmark
• c6d182a avoid full range scan for index seek operation
• 9393b89 serverless/javascript: 1.3.0-pre.1
• 515f5fc Merge 'javascript: Return per-statement results from batch()' from Pekka Enberg
• 45e80cf Return per-statement results from batch()
• a92b845 mvcc: parameterize mv store allocator
• 93dddea Turso 0.7.0-pre.9
• Additional commits viewable in compare view

Updates rmcp from 1.7.0 to 1.8.0

Release notes

Sourced from rmcp's releases.

rmcp-macros-v1.8.0

Added

• deprecate roots, sampling, and logging (SEP-2577) (#884)

Fixed

• strip and validate tool outputSchema and inputSchema (#860)
• remove unnecessary fields from tools' inputSchema (#856)

Other

• refine mcpmate listing copy (#885)
• added jilebi-mcp to the list of built with rmcp (#861)

rmcp-v1.8.0

[!WARNING]

⚠️ Breaking Changes

Despite being a minor version bump, this release contains a source-breaking API change (it should have been 2.0.0). If you depend on rmcp = "1.7", Cargo will resolve to 1.8.0 automatically and your build may fail. Pin to =1.7.x if you are not ready to migrate.

Peer::peer_info() return type changed (#862):

- pub fn peer_info(&self) -> Option<&R::PeerInfo>
+ pub fn peer_info(&self) -> Option<Arc<R::PeerInfo>>

This was needed so peer info can be re-set on a duplicate initialize (it now lives behind an RwLock), which is why a borrow can no longer be returned.

Migration: field access still works through Arc's Deref. If you need the old &InitializeResult (e.g. you bound the type explicitly), use .as_deref():

// Before (1.7.x): info is &InitializeResult
let info: Option<&InitializeResult> = client.peer_info();
// After (1.8.0): info is Arc<InitializeResult>
let info: Option<Arc<InitializeResult>> = client.peer_info();
// To recover the old reference type:
let info: Option<&InitializeResult> = client.peer_info().as_deref();

Added

• standardize resource-not-found error code (SEP-2164) (#899)
• validate OAuth authorization response issuer (#896)
• specify OIDC application_type during dynamic client registration (SEP-837) (#883)
• deprecate roots, sampling, and logging (SEP-2577) (#884)

... (truncated)

Commits

• 2522036 chore: release v1.8.0 (#850)
• 6d020c9 fix(auth): preserve configured reqwest client (#917)
• de898dd Allow custom HTTP clients for OAuth (#908)
• 3c5ce2b fix(auth): align OAuth metadata discovery ordering (#887)
• 443677c fix: align progress timeout token (#909)
• 4fd4986 fix(elicitation): preserve enumNames through ElicitationSchema serde round-tr...
• bf71eb8 chore(deps): bump actions/checkout from 6 to 7 (#911)
• 5d00e20 Add progress-aware request timeout reset (#858)
• 4b82e41 docs(server): document Err vs Ok(CallToolResult::error) visibility contract o...
• 95a8e96 feat: standardize resource-not-found error code (SEP-2164) (#899)
• Additional commits viewable in compare view

Updates frankenstein from 0.50.0 to 0.50.1

Release notes

Sourced from frankenstein's releases.

0.50.1

What's Changed

• Telegram Bot API 10.1 by @​ayrat555 in ayrat555/frankenstein#325

Full Changelog: ayrat555/frankenstein@0.50.0...0.50.1

Changelog

Sourced from frankenstein's changelog.

0.50.1 (2026-06-20)

• feat: Bot API 10.1 - #325

Commits

• f9e9352 release 0.50.1 (#326)
• 0e924b8 Telegram Bot API 10.1 (#325)
• See full diff in compare view

Updates cron from 0.16.0 to 0.17.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.