chore(deps): bump the production-dependencies group with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates: geojson, geozero and jsonschema.

Updates geojson from 0.24.2 to 1.0.0

Changelog

Sourced from geojson's changelog.

v1.0.0 - 2025-03-16

• BREAKING: Position is now a struct, rather than a type alias for Vec. The new struct uses the tinyvec crate, which allows for faster GeoJSON processing in the common (2-D) case by avoiding per-coordinate heap allocations.

  // BEFORE: Position *was* a Vec. A Vec is always allocated on the heap, which is slow.
  let position: Position = vec![1.0, 2.0];
  let x = position[0];
  // AFTER: Position is its own type, buildable from a Vec.
  let position: Position = vec![1.0, 2.0].into();
  // index access is unchanged
  let x = position[0];
  // Alternatively, you can now construct from an Array, avoiding the Vec's heap allocation.
  let position: Position = [1.0, 2.0].into();
  // equivalently:
  let position = Position::from([1.0, 2.0]);
  // You can still build 3D+ Positions. These higher dimension coordinates will use Heap storage.
  let position = Position::from([1.0, 2.0, 3.0]);
  let position = Position::from(vec![1.0, 2.0, 3.0, 4.0, 5.0, 6.0]);

  • See georust/geojson#222
• Substantially speed up parsing (Benches show 30% reduction). This was essentially a rewrite of our deserialization logic. Instead of going from input -> serde_json::JsonObject -> geojson types we now go directly from input -> geojson types.
• Deserialization errors now include line number and column position. Before:

  Encountered neither number type nor string type for 'id' field on 'feature' object: {} After: Error while deserializing GeoJSON: Feature 'id' must be a string or a number at line 3 column 11

• BREAKING: geojson::Error has had many cases removed and some new cases added, reflecting the deserialization rewrite.
• BREAKING: TryInto/From implementations for serde_json::Value and serde_json::Object have been removed now that they are not used for deserialization.
• type is now the first field when serializing GeoJSON objects.
• Since feature.id is optional, we now accept "id: null", whereas previously you were required to omit the id key. Now either is acceptable.
• Fix: Return [] instead of [[]] for POLYGON EMPTY.
  • See georust/geojson#262
• Potentially breaking: De/Serializing your custom structs with serde now maps your struct's id field to Feature.id, rather than to Feature.properties.id.
• Fix geo_rect_conversion_test to conform to the correctly-wound Polygon output from geo_types::geometry::Rect.to_polygon

... (truncated)

Commits

• f6eafed prepare for 1.0.0 release
• 8c12816 prepare for 0.25.0 release
• c64043f simpler docs
• fa96c26 update to rust 2024 (#273)
• 3c362b4 Additional ergonomic constructors (for Geometry and FeatureCollection) (#271)
• f5fffd0 Remove methods related to json to/from now that we ser/de directly (#270)
• de445d9 Speed up parsing by deserializing directly to geojson (without intermediate s...
• a7870db Move code around - no new functionality (#268)
• 37ea3c9 Merge branch 'mkirk/derive-serialization-3'
• 67c07a1 derive Serialization rather than manual impls
• Additional commits viewable in compare view

Updates geozero from 0.14.0 to 0.15.1

Commits

• See full diff in compare view

Updates jsonschema from 0.33.0 to 0.46.5

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.46.5

Fixed

• Percent-encoded characters in $ref URI fragments (e.g. #/$defs/Request%20class) are now decoded when stored as schema_path.

[Ruby] Release 0.46.5

Fixed

• Percent-encoded characters in $ref URI fragments (e.g. #/$defs/Request%20class) are now decoded when stored as schema_path.

[Rust] Release 0.46.5

Fixed

• Percent-encoded characters in $ref URI fragments (e.g. #/$defs/Request%20class) are now decoded when stored as schema_path.

[Python] Release 0.46.4

Fixed

• Panic in the regex engine when matching against patterns with very large {0,N} quantifiers.

[Rust] Release 0.46.4

Fixed

• Panic in the regex engine when matching against patterns with very large {0,N} quantifiers.

[Ruby] Release 0.46.4

Fixed

• Panic in the regex engine when matching against patterns with very large {0,N} quantifiers.

[Python] Release 0.46.3

Fixed

• Memory not reclaimed when a validator for a schema with recursive $ref or $dynamicRef is dropped. #1125

[Ruby] Release 0.46.3

Fixed

• Memory not reclaimed when a validator for a schema with recursive $ref or $dynamicRef is dropped. #1125

[Rust] Release 0.46.3

Fixed

• Memory not reclaimed when a Validator for a schema with recursive $ref or $dynamicRef is dropped. #1125
• Compilation failure on wasm32-wasip1 and wasm32-unknown-emscripten targets.

[Python] Release 0.46.2

Fixed

• required not enforced when additionalProperties is a schema object and required lists exactly 2 keys.

... (truncated)

Changelog

Sourced from jsonschema's changelog.

[0.46.5] - 2026-05-13

Fixed

• Percent-encoded characters in $ref URI fragments (e.g. #/$defs/Request%20class) are now decoded when stored as schema_path.

[0.46.4] - 2026-05-01

Fixed

• Panic in the regex engine when matching against patterns with very large {0,N} quantifiers.

[0.46.3] - 2026-04-28

Fixed

• Memory not reclaimed when a Validator for a schema with recursive $ref or $dynamicRef is dropped. #1125
• Compilation failure on wasm32-wasip1 and wasm32-unknown-emscripten targets.

[0.46.2] - 2026-04-20

Fixed

• required not enforced when additionalProperties is a schema object and required lists exactly 2 keys.

[0.46.1] - 2026-04-18

Fixed

• required not enforced when properties has 15 or more entries and required lists exactly 2 keys.

[0.46.0] - 2026-04-10

Added

• ValidatorMap for validating instances against subschemas identified by URI-fragment JSON pointer. #1075
• CLI: Accept multiple values after -i/--instance (e.g. jsonschema validate schema.json -i *.json). #1085
• dereference function to recursively inline $ref references. #422
• CLI: jsonschema dereference subcommand to dereference a schema from the command line.

Breaking Changes

• Registry construction now uses an explicit prepare step, and with_registry now borrows the prepared registry. ValidationOptions::with_resource and ValidationOptions::with_resources were removed in favor of building a Registry first. See the Migration Guide for the details.

Performance

• Avoid registry clones and document clones during validator construction. This improves real-world schema compilation by roughly 10-20% in internal benchmarks.

[0.45.1] - 2026-04-06

... (truncated)

Commits

• 2a7c865 chore(ruby): Release 0.46.5
• ee47dde chore(python): Release 0.46.5
• 7745769 chore(rust): Release 0.46.5
• cccf0b4 fix: Percent-encoded characters in $ref URI fragments are now decoded when ...
• fc492c6 build(deps): bump crates/jsonschema/tests/suite
• 8d5abec build(deps): bump crates/jsonschema-referencing/tests/suite
• b3e066c build(deps): update serde-saphyr requirement from 0.0.25 to 0.0.26
• d87ce88 chore(ruby): Release 0.46.4
• ba1ed52 chore(python): Release 0.46.4
• f1a8764 chore(rust): Release 0.46.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions