chore(deps): bump the dependencies group across 1 directory with 7 updates

[dependabot]

Updates the requirements on thiserror, nalgebra, itertools, reqwest, criterion, pyo3 and numpy to permit the latest version.
Updates thiserror to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• Additional commits viewable in compare view

Updates nalgebra to 0.34.1

Changelog

Sourced from nalgebra's changelog.

[0.34.1] (20 Sept. 2025)

Added

• Added encase feature, providing encase trait implementations for nalgebra types.

[0.34.0] (31 July 2025)

Added

• Add the convert-glam030 feature to enable conversion from/to types from glam v0.30.
• Add the defmt cargo feature that enables derives of defmt::Format for all no-std types.

Changed

• Bumped MSRV to 1.87.0.
• Updated rand dependency to 0.9.0.
• Renamed associated const DimName::USIZE to DimName::DIM.
• Moved to Rust 2024 edition.
• Several methods are now const whenever possible. See details in #1522.
• Features for conversion from/to types from glam (such as convert-glam029) no longer enable default features for glam, allowing use in no_std environments.

Fixed

• Fix infinite loop when attempting to take the Schur decomposition of a 0 matrix.

[0.33.2] (29 October 2024)

Added

• Add the convert-glam029 feature to enable conversion from/to types from glam v0.29.

[0.33.1] (16 October 2024)

Added

• Add implementations of bytemuck traits for isometries and similarities.
• Implement AsRef<[T]> for matrices with contiguous storage.
• Enable the num-complex/bytemuck feature when the convert-bytemuck feature is enabled.

[0.33.0] (23 June 2024)

Fixed

• Fix a memory leak in Matrix::generic_resize.
• Fix glm::is_null to check the vector magnitude instead of individual components.
• Ensure that inverting a 4x4 matrix leaves it unchanged if the inversion fails.

Added

... (truncated)

Commits

• 122897f Release v0.34.1 (#1546)
• ef4202e Add encase trait implementations (#1545)
• 6519048 Merge Fix linalg bench warnings (#1544)
• 8cd8b4b Fixes for nalgebra-lapack (faulty test, bugs in implementations, compile erro...
• 8964bf2 chore: fix categories list in nalgebra-glm cargo.toml
• 631064a Release v0.34.0 (#1535)
• e0e2be8 Disable default features for glam (#1510)
• 9598744 Make epsilon more forgiving in euler_angles_ordered (#1489)
• 9687b8b Fixes the Schur decomposition for a zero matrix (#1532)
• 7d9a89b Clarify documentation for from_fn (#1516)
• Additional commits viewable in compare view

Updates itertools to 0.14.0

Changelog

Sourced from itertools's changelog.

0.14.0

Breaking

• Increased MSRV to 1.63.0 (#960)
• Removed generic parameter from cons_tuples (#988)

Added

• Added array_combinations (#991)
• Added k_smallest_relaxed and variants (#925)
• Added next_array and collect_array (#560)
• Implemented DoubleEndedIterator for FilterOk (#948)
• Implemented DoubleEndedIterator for FilterMapOk (#950)

Changed

• Allow Q: ?Sized in Itertools::contains (#971)
• Improved hygiene of chain! (#943)
• Improved into_group_map_by documentation (#1000)
• Improved tree_reduce documentation (#955)
• Improved discoverability of merge_join_by (#966)
• Improved discoverability of take_while_inclusive (#972)
• Improved documentation of find_or_last and find_or_first (#984)
• Prevented exponentially large type sizes in tuple_combinations (#945)
• Added track_caller attr for asser_equal (#976)

Notable Internal Changes

• Fixed clippy lints (#956, #987, #1008)
• Addressed warnings within doctests (#964)
• CI: Run most tests with miri (#961)
• CI: Speed up "cargo-semver-checks" action (#938)
• Changed an instance of default_features in Cargo.toml to default-features (#985)

0.13.0

Breaking

• Removed implementation of DoubleEndedIterator for ConsTuples (#853)
• Made MultiProduct fused and fixed on an empty iterator (#835, #834)
• Changed iproduct! to return tuples for maxi one iterator too (#870)
• Changed PutBack::put_back to return the old value (#880)
• Removed deprecated repeat_call, Itertools::{foreach, step, map_results, fold_results} (#878)
• Removed TakeWhileInclusive::new (#912)

Added

• Added Itertools::{smallest_by, smallest_by_key, largest, largest_by, largest_by_key} (#654, #885)
• Added Itertools::tail (#899)
• Implemented DoubleEndedIterator for ProcessResults (#910)
• Implemented Debug for FormatWith (#931)
• Added Itertools::get (#891)

Changed

• Deprecated Itertools::group_by (renamed chunk_by) (#866, #879)

... (truncated)

Commits

• a015a68 Add next_array and collect_array
• a1213e1 Prepare v0.14.0 release
• ff0c942 fix clippy lints
• f80883b Fix into_group_map_by documentation errors
• b793238 Add track_caller for asser_equal
• 5d4056b default_features is deprecated - switch it to default-features
• a447b68 doc for added trait
• d0479b0 "nitpicks"
• 35c78ce IndexMut -> BorrowMut<slice>
• deb53ba refactored to share code
• Additional commits viewable in compare view

Updates reqwest to 0.13.1

Release notes

Sourced from reqwest's releases.

v0.13.1

What's Changed

• http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @​djc in seanmonstar/reqwest#2917
• fix rustls on android by @​seanmonstar in seanmonstar/reqwest#2918

Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1

Changelog

Sourced from reqwest's changelog.

v0.13.1

• Fixes compiling with rustls on Android targets.

v0.13.0

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

• Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.

... (truncated)

Commits

• 10fb98c v0.13.1
• 438098a chore: refer to h2 as dep:h2 (#2919)
• 43aac91 chore(ci): bump actions/checkout from 5 to 6 (#2864)
• 175f5b2 fix rustls on android (#2918)
• 1afe88e Depend on quinn/rustls-aws-lc-rs to avoid ring dependency (#2917)
• 62a80af v0.13.0
• e8d89f4 enable ALPN by default in native-tls (#2907)
• 9a9daa7 v0.13.0-rc.1
• d518e45 rustls: allow windows to use extra roots (#2904)
• 934bc84 chore: separate rustls and rustls-no-provider features (#2903)
• Additional commits viewable in compare view

Updates criterion to 0.8.1

Release notes

Sourced from criterion's releases.

criterion-plot-v0.8.1

Fixed

• Typo

Changelog

Sourced from criterion's changelog.

0.8.1 - 2025-12-07

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

0.8.0 - 2025-11-29

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.
• Add doc comment to benchmark runner in criterion_group macro (removes linter warnings)

Fixed

• Fix plotting NaN bug

Other

• Remove Master API Docs links temporarily while we restore the docs publishing.

[0.7.0] - 2025-07-25

• Bump version of criterion-plot to align dependencies.

[0.6.0] - 2025-05-17

Changed

• MSRV bumped to 1.80
• The real_blackbox feature no longer has any impact. Criterion always uses std::hint::black_box() now. Users of criterion::black_box() should switch to std::hint::black_box().
• clap dependency unpinned.

Fixed

... (truncated)

Commits

• e4e06df chore: release v0.8.1
• aa548b9 fix: Homepage link
• 950c3b7 fix: Typo
• 7e3e50c chore(deps): bump crate-ci/typos from 1.23.5 to 1.40.0
• 391a99a chore(deps): bump jontze/action-mdbook from 3 to 4
• 8fb9a87 chore(deps): bump actions/checkout from 4 to 6
• b49ade7 chore: release v0.8.0
• c56485f docs: Mark Master API Docs links that need to be updated
• 86526a4 docs: Remove Master API Docs link temporarily
• 00a443f docs: Update README links
• Additional commits viewable in compare view

Updates pyo3 to 0.22.6

Release notes

Sourced from pyo3's releases.

PyO3 0.22.6

This release corrects the check for free-threaded Python introduced in PyO3 0.22.2 to prevent users accidentally installing PyO3 packages on Python 3.13t; PyO3 0.22 does not support free-threaded Python. (Stay tuned for the 0.23 release coming very soon!)

Thanks @​minrk for the report and @​davidhewitt for the fix!

Changelog

Sourced from pyo3's changelog.

[0.22.6] - 2024-11-05

Fixed

• Fix detection of freethreaded Python 3.13t added in PyO3 0.22.2; freethreaded is not yet supported (support coming soon in 0.23). #4684

[0.22.5] - 2024-10-15

Fixed

• Fix regression in 0.22.4 of naming collision in __clear__ slot and clear method generated code. #4619

[0.22.4] - 2024-10-12

Added

• Add FFI definition PyWeakref_GetRef and compat::PyWeakref_GetRef. #4528

Changed

• Deprecate _borrowed methods on PyWeakRef and PyWeakrefProxy (just use the owning forms). #4590

Fixed

• Revert removal of private FFI function _PyLong_NumBits on Python 3.13 and later. #4450
• Fix __traverse__ functions for base classes not being called by subclasses created with #[pyclass(extends = ...)]. #4563
• Fix regression in 0.22.3 failing compiles under #![forbid(unsafe_code)]. #4574
• Workaround possible use-after-free in _borrowed methods on PyWeakRef and PyWeakrefProxy by leaking their contents. #4590
• Fix crash calling PyType_GetSlot on static types before Python 3.10. #4599

[0.22.3] - 2024-09-15

Added

• Add pyo3::ffi::compat namespace with compatibility shims for C API functions added in recent versions of Python.
• Add FFI definition PyDict_GetItemRef on Python 3.13 and newer, and compat::PyDict_GetItemRef for all versions. #4355
• Add FFI definition PyList_GetItemRef on Python 3.13 and newer, and pyo3_ffi::compat::PyList_GetItemRef for all versions. #4410
• Add FFI definitions compat::Py_NewRef and compat::Py_XNewRef. #4445
• Add FFI definitions compat::PyObject_CallNoArgs and compat::PyObject_CallMethodNoArgs. #4461
• Add GilOnceCell<Py<T>>::clone_ref. #4511

Changed

• Improve error messages for #[pyfunction] defined inside #[pymethods]. #4349
• Improve performance of calls to Python by using the vectorcall calling convention where possible. #4456
• Mention the type name in the exception message when trying to instantiate a class with no constructor defined. #4481

Removed

... (truncated)

Commits

• c000ab9 release: 0.22.6
• 02b8dfe fix compiler warning on 32 bit platforms
• a76ce14 fix detection of freethreaded interpreter
• 4c88e9a release: 0.22.5
• 8f6464e fix __clear__ slot naming collision with clear method (#4619)
• dff9723 release: 0.22.4
• 3330bf2 fix garbage collection in inheritance cases (#4563)
• 8b23397 ci: pypy 3.7 macos on x64 still
• ce63713 ci: run benchmarks on ubuntu 22.04 (#4609)
• b1173f5 ci: fix more ubuntu-24.04 failures (#4610)
• Additional commits viewable in compare view

Updates numpy to 0.27.1

Release notes

Sourced from numpy's releases.

v0.27.1

What's Changed

• Bumped ndarray to 0.17. by @​bangconghuynh in PyO3/rust-numpy#516

New Contributors

• @​bangconghuynh made their first contribution in PyO3/rust-numpy#516

Full Changelog: PyO3/rust-numpy@v0.27.0...v0.27.1

Changelog

Sourced from numpy's changelog.

Changelog

• v0.28.0

  • Fix mismatched behavior between PyArrayLike1 and PyArrayLike2 when used with floats (#520)
  • Add ownership-moving conversions into PyReadonlyArray and PyReadwriteArray (#524)
  • Fix UB when calling PyArray::as_slice and as_slice_mut on misaligned arrays (#525)

• v0.27.1

  • Bump ndarray dependency to v0.17. (#516)

• v0.27.0

  • Bump PyO3 dependency to v0.27.0. (#515)

• v0.26.0

  • bump MSRV to 1.74, matching PyO3 (#504)
  • extend supported nalgebra version to 0.34 (#503)
  • Bump PyO3 dependency to v0.26.0. (#506)

• v0.25.0,

  • Bump PyO3 dependency to v0.25.0. (#492)

• v0.24.0

  • Bump PyO3 dependency to v0.24.0. (#483)
  • Support Python 3.13t "free-threaded" Python. (#471)

• v0.23.0

  • Drop support for PyPy 3.7 and 3.8. (#470)
  • Require Element: Sync as part of the free-threading support in PyO3 0.23 (#469)
  • Bump PyO3 dependency to v0.23.0 ([#457])
    • removed the gil-refs feature
    • reintroduced function names without _bound suffix + deprecating the old names
    • switched to IntoPyObject as trait bound
  • Bump rustc-hash dependency to 2.0. ([#472])

• v0.22.1

  • Fix building on 32-bit Windows. (#463)
  • Add PyReadwriteArray::make_nonwriteable. (#462)
  • Implement From<PyReadWriteArray> for PyReadonlyArray. (#462)

• v0.22.0

  • Bump MSRV to 1.63. (#450)
  • Add permute and transpose methods for changing the order of axes of a PyArray. (#428)
  • Add support for NumPy v2 which had a number of changes to the C API. (#442)
  • Add support for ndarray 0.16. (#439)
  • Bumped pyo3 dependency to v0.22.0 which required the addition of several new methods to the Element trait. (#435)

• v0.21.0

  • Migrate to the new Bound API introduced by PyO3 0.21. (#410) (#411) (#412) (#415) (#416) (#418) (#419) (#420) (#421) (#422)
  • Add a prelude module to simplify importing method traits required by the Bound API. (#417)
  • Extend documentation to cover some more surprising behaviours. (#405) (#414)

... (truncated)

Commits

• 9fffe31 bump numpy to 0.27.1
• d7283f3 extended ndarray to 0.17 (#516)
• d1783af update PyO3 0.27
• 70ffab6 Exclude some unnecessary files from the crate
• 283f122 ci: test 3.14 (#508)
• c3c3918 ci: configure trusted publishing (#507)
• c1727fb update PyO3 0.26 (#506)
• 45734dd extend nalgebra support to 0.34 (#503)
• ffcc0fb bump MSRV to match PyO3 (#504)
• 8bfbb27 fix lint warning with Rust 1.87 (#494)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.