deps(backend)(deps): bump fastembed from 5.13.4 to 5.15.0 in /backend#136
Closed
dependabot[bot] wants to merge 1 commit into
Closed
deps(backend)(deps): bump fastembed from 5.13.4 to 5.15.0 in /backend#136dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [fastembed](https://github.com/Anush008/fastembed-rs) from 5.13.4 to 5.15.0. - [Release notes](https://github.com/Anush008/fastembed-rs/releases) - [Commits](Anush008/fastembed-rs@v5.13.4...v5.15.0) --- updated-dependencies: - dependency-name: fastembed dependency-version: 5.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Owner
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Owner
|
Superseded by #148, which consolidates all open Dependabot bumps and resolves each dependency to the latest compatible release (this PR's bump is included there). |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
pacphi
added a commit
that referenced
this pull request
Jun 8, 2026
…#148) * chore(deps): consolidate Dependabot PRs #125–#147 (latest compatible) Applies every open Dependabot bump on one branch, resolving each dependency to the latest compatible release rather than the (sometimes already-stale) version the PR pinned. Where the applied version is newer than the PR target, it is noted below. Frontend (pnpm): - vitest: → 4.1.8 [#127, target 4.1.7 superseded] - @storybook/react + storybook: → 10.4.2 [#128, target 10.4.1 superseded] - eslint: → 10.4.1; typescript-eslint: → 8.61.0 [#139, ts-eslint 8.60.1 superseded] - idb-keyval: → 6.2.5 [#140] - vite: → 8.0.16 [#141] - date-fns: → 4.4.0 [#142] - turbo: → 2.9.16 [#143] - @tanstack/react-query 5.101.0, react-router 1.170.15 (target 1.170.11 superseded), react-virtual 3.14.2 [#144] - react-dom: → 19.2.7 [#145]; react bumped to 19.2.7 to satisfy peer - zustand: → 5.0.14 [#146] Backend (Cargo): - openssl: → 0.10.80 [#125] - serde_json: → 1.0.150 [#132] - axum-test: → 20.1.0 [#133] - redis: → 1.2.2 [#134] - sqlx: 0.8 → 0.9.0 [#135] (breaking — see below) - fastembed: → 5.16.0 [#136, target 5.15.0 superseded] - uuid: → 1.23.2 [#137] - llama-cpp-4: 0.2 → 0.3.1 [#138, target 0.3.0 superseded] Rust toolchain: - Docker base image rust 1.95-slim → 1.96-slim [#147] - Align rust-toolchain.toml channel and Cargo.toml MSRV to 1.96.0, plus docker-compose RUST_VERSION and the setup/deployment/maintainer/README docs. sqlx 0.9 breaking change: - sqlx 0.9 only implements SqlSafeStr for &'static str; runtime-built query strings now require an explicit safety assertion. Added a single audited choke point `db::audited_sql()` (wraps sqlx::AssertSqlSafe) with one authoritative doc comment, and routed all dynamic-SQL call sites through it (vectors, api, cleanup, mcp, main, integration tests). Every such string is composed only from literals and bind-parameter markers; all values are bound. Verified: backend build (all targets) + 1900+ tests + clippy (strict) + fmt; frontend typecheck + build + tests + eslint + prettier; markdown/yaml lint + internal link check. * docs: align remaining Rust version refs in plan docs to 1.96 Follow-up to the dep consolidation: bump the two plan-doc Rust references (builtin-llm prerequisites and the illustrative CI Dockerfile snippet) from 1.95 to 1.96 to match the upgraded toolchain. Immutable historical records (ADRs, the march-2026 audit) are intentionally left as-is.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps fastembed from 5.13.4 to 5.15.0.
Release notes
Sourced from fastembed's releases.
Commits
47d5ab7chore(release): 5.15.0 [skip ci]4ac869afeat: configurable ONNX Runtime intra-op thread count (with_intra_threads) (#...aae697bchore(release): 5.14.0 [skip ci]72c8697feat: add Bgem3Embedding - joint dense/sparse/ColBERT in a single pass (#254)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)