deps(rust): bump the rust-dependencies group with 5 updates

[dependabot]

Bumps the rust-dependencies group with 5 updates:

Package	From	To
tokio	1.49.0	1.50.0
uuid	1.21.0	1.22.0
toml	1.0.3+spec-1.1.0	1.0.6+spec-1.1.0
ort	2.0.0-rc.11	2.0.0-rc.12
sysinfo	0.38.3	0.38.4

Updates tokio from 1.49.0 to 1.50.0

Release notes

Sourced from tokio's releases.

Tokio v1.50.0

1.50.0 (Mar 3rd, 2026)

Added

• net: add TcpStream::set_zero_linger (#7837)
• rt: add is_rt_shutdown_err (#7771)

Changed

• io: add optimizer hint that memchr returns in-bounds pointer (#7792)
• io: implement vectored writes for write_buf (#7871)
• runtime: panic when event_interval is set to 0 (#7838)
• runtime: shorten default thread name to fit in Linux limit (#7880)
• signal: remember the result of SetConsoleCtrlHandler (#7833)
• signal: specialize windows Registry (#7885)

Fixed

• io: always cleanup AsyncFd registration list on deregister (#7773)
• macros: remove (most) local use declarations in tokio::select! (#7929)
• net: fix GET_BUF_SIZE constant for target_os = "android" (#7889)
• runtime: avoid redundant unpark in current_thread scheduler (#7834)
• runtime: don't park in current_thread if before_park defers waker (#7835)
• io: fix write readiness on ESP32 on short writes (#7872)
• runtime: wake deferred tasks before entering block_in_place (#7879)
• sync: drop rx waker when oneshot receiver is dropped (#7886)
• runtime: fix double increment of num_idle_threads on shutdown (#7910, #7918, #7922)

Unstable

• fs: check for io-uring opcode support (#7815)
• runtime: avoid lock acquisition after uring init (#7850)

Documented

• docs: update outdated unstable features section (#7839)
• io: clarify the behavior of AsyncWriteExt::shutdown() (#7908)
• io: explain how to flush stdout/stderr (#7904)
• io: fix incorrect and confusing AsyncWrite documentation (#7875)
• rt: clarify the documentation of Runtime::spawn (#7803)
• rt: fix missing quotation in docs (#7925)
• runtime: correct the default thread name in docs (#7896)
• runtime: fix event_interval doc (#7932)
• sync: clarify RwLock fairness documentation (#7919)
• sync: clarify that recv returns None once closed and no more messages (#7920)
• task: clarify when to use spawn_blocking vs dedicated threads (#7923)
• task: doc that task drops before JoinHandle completion (#7825)
• signal: guarantee that listeners never return None (#7869)
• task: fix task module feature flags in docs (#7891)

... (truncated)

Commits

• 0273e45 chore: prepare Tokio v1.50.0 (#7934)
• e3ee4e5 chore: prepare tokio-macros v2.6.1 (#7943)
• 8c980ea io: add write_all_vectored to tokio-util (#7768)
• e35fd6d ci: fix patch during clippy step (#7935)
• 03fe44c runtime: fix event_interval doc (#7932)
• d18e5df io: fix race in Mock::poll_write (#7882)
• f21f269 runtime: fix race condition during the blocking pool shutdown (#7922)
• d81e8f0 macros: remove (most) local use declarations in tokio::select! (#7929)
• 25e7f26 rt: fix missing quotation in docs (#7925)
• e1a91ef util: fix typo in docs (#7926)
• Additional commits viewable in compare view

Updates uuid from 1.21.0 to 1.22.0

Release notes

Sourced from uuid's releases.

v1.22.0

What's Changed

• Default to rand 0.10 by @​haxtibal in uuid-rs/uuid#863
• Prepare for 1.22.0 release by @​KodrAus in uuid-rs/uuid#864

New Contributors

• @​haxtibal made their first contribution in uuid-rs/uuid#863

Full Changelog: uuid-rs/uuid@v1.21.0...v1.22.0

Commits

• da15792 Merge pull request #864 from uuid-rs/cargo/v1.22.0
• 7ec48c9 prepare for 1.22.0 release
• c4e983f Merge pull request #863 from haxtibal/tdmg/rand_0_9_and_0_10
• f3f677e update workspace root to rand 0.10
• See full diff in compare view

Updates toml from 1.0.3+spec-1.1.0 to 1.0.6+spec-1.1.0

Commits

• a09707e chore: Release
• 7b0feaa docs: Update changelog
• 2902954 Revert "fix(toml): Track dotted key for spans" (#1119)
• a586cae Revert "fix(toml): Track dotted key for spans"
• d35c3f6 chore: Release
• 949b4e8 docs: Update changelog
• 47b878b fix(toml): Track dotted key for spans (#1118)
• 87461d8 fix(toml): Track dotted key for spans
• 796370e test(serde): Check span meaning
• ad87859 test(serde): Track key spans
• Additional commits viewable in compare view

Updates ort from 2.0.0-rc.11 to 2.0.0-rc.12

Release notes

Sourced from ort's releases.

v2.0.0-rc.12

2.0.0-rc.12

💖 If you find ort useful, please consider sponsoring us on Open Collective 💖

🤔 Need help upgrading? Ask questions in GitHub Discussions or in the pyke.io Discord server!

---

This release was made possible by Rime.ai!

Authentic AI voice models for enterprise.

---

📍 Multiversioning

🚨 If you used ort with default-features = false, enable the api-24 feature to use the latest features.

The big highlight of this release is multiversioning: ort can now use any minor version of ONNX Runtime from v1.17 to v1.24. New features are gated behind api-* feature flags, like api-20 or api-24. These flags will set the minimum version of ONNX Runtime required by ort.

More info 👉 https://ort.pyke.io/setup/multiversion

🪄 Automatic device selection

With ONNX Runtime 1.22 or later, ort will now automatically use an NPU if one is available for maximum efficiency & power savings! Setting your own execution providers will override this.

This is thanks to the super cool new SessionBuilder::with_auto_device API! There's also SessionBuilder::with_devices for finer control.

👁️ CUDA 13

ort now ships builds for both CUDA 12 & CUDA 13! It should automatically detect which CUDA you're using, but if it gets it wrong, you can override it by setting the ORT_CUDA_VERSION environment variable to 12 or 13.

🩹 SessionBuilder error recovery

You can now recover from errors when building a session by calling .recover() on the error type to get the SessionBuilder back.

🛡️ Build attestations

Prebuilt binaries are now attested via GitHub Actions, so you can verify that they are untampered builds of ONNX Runtime coming straight from pyke.io.

To verify, download your binary package of choice and use the gh CLI to verify:

➜  gh attestation verify --owner pykeio ./x86_64-pc-windows-msvc+cu13.tar.lzma2
Loaded digest sha256:e96616510082108be228ad6ea026246a31650b7d446b330c6b9671fcb9ae6267 for file://./x86_64-pc-windows-msvc+cu13.tar.lzma2
Loaded 1 attestation from GitHub API
The following policy criteria will be enforced:

OIDC Issuer must match:................... https://token.actions.githubusercontent.com
Source Repository Owner URI must match:... https://github.com/pykeio

</tr></table>

... (truncated)

Commits

• f085e4c 2.0.0-rc.12
• 079ecb4 fix: one environment (#542)
• 0023124 fix(tract): support external data
• e9666c7 fix: no_std
• a08efe6 feat: manual device selection
• 771e1a5 refactor: make Outlet wrap OrtValueInfo
• a02122d fix: web, no-std
• 0fe5b25 config: silence clippy warning
• fb29790 feat: recover from SessionBuilder errors
• 831422c docs(readme): update projects
• Additional commits viewable in compare view

Updates sysinfo from 0.38.3 to 0.38.4

Changelog

Sourced from sysinfo's changelog.

0.38.4

• macOS: Unpin objc2-* crates version.
• Linux: Fix computation of disk size.

Commits

• 97c194d Merge pull request #1642 from GuillaumeGomez/update
• 91b92f1 Update crate version to 0.38.4
• 8e8f76c Update CHANGELOG for 0.38.4
• 9e6f37c Merge pull request #1641 from madsmtm/macos-no-pin-deps
• 73d545c Fix warnings introduced in new objc2-* versions
• 5cc4bcb Don't pin objc2-* crates
• 5d4c63b Merge pull request #1640 from patjakdev/patjakdev/fix-1639
• a8ee05c Use fragment size instead of block size for disk stats
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.