fix(deps): update rust crate jsonschema to 0.40.0

[svc-secops]

This PR contains the following updates:

Package	Type	Update	Change	Pending
jsonschema	dependencies	minor	0.33.0 -> 0.40.0	0.40.2 (+1)

---

Release Notes

Stranger6667/jsonschema (jsonschema)

v0.40.0

Added

• HttpOptions and ValidationOptions::with_http_options() for configuring HTTP client behavior (timeouts, TLS verification, custom CA certificates) when fetching external schemas.
• CLI: --timeout, --connect-timeout, --insecure, and --cacert flags for HTTP configuration.

v0.39.0

Added

• ValidationError::evaluation_path() for the dynamic path including $ref traversals.

Changed

• BREAKING: Simplified custom keyword API - Keyword::validate no longer receives path parameters, and ValidationError::custom only takes a message.

Fixed

• schemaLocation in evaluation output now excludes $ref/$dynamicRef/$recursiveRef per JSON Schema spec.

Performance

• evaluate(): 4.5-30x faster on complex schemas, 12-89% faster overall.
• Recursive schemas with oneOf/anyOf: ~4000x faster via memoization. #​930

v0.38.1

Fixed

• multipleOf validation for integer values between 2^53 and i64::MAX with arbitrary-precision feature.

v0.38.0

Added

• EmailOptions for configuring email format validation. #​903

Fixed

• Use-after-free in async $ref resolution when multiple refs target the same external URL with different fragments. #​906
• multipleOf validation for large u64 values beyond i64::MAX with arbitrary-precision feature.
• Validator not being Send + Sync on WASM targets. #​915

v0.37.4

Fixed

• Stack overflow during validation of schemas with circular $ref chains (e.g., a -> b -> a).
• Local $ref resolution within fragment-extracted external resources. #​892

Removed

• Deprecated PrimitiveType & PrimitiveTypesBitMap.

v0.37.3

Fixed

• External resources not discovered within subresources of local $ref targets. #​892

v0.37.2

Added

• JsonTypeSet::len() and JsonTypeSet::remove() helpers for managing type sets.

Fixed

• External resources not discovered through chained local $ref references. #​892

v0.37.1

Fixed

• Stack overflow on empty $ref value. #​886

v0.37.0

Added

• evaluate() top-level function for convenient access to structured validation output.
• CLI: Schema-only validation now also validates all referenced schemas. #​804
• Support for additional contentEncoding values per RFC 4648: base64url, base32, base32hex, and base16. These encodings are now validated alongside the existing base64 support in Draft 6 and 7. #​26
• validator.iter_errors(instance).into_errors(). It returns a ValidationErrors type that collects validation errors and implements std::error::Error. #​451

Changed

• BREAKING: ValidationError fields are private; use instance(), kind(), instance_path(), and schema_path() instead of accessing struct fields directly.
• BREAKING: ErrorIterator is now a newtype wrapper instead of Box<dyn ValidationErrorIterator>.

Performance

• validate and other APIs returning Result<_, ValidationError> are 5–10% faster in some workloads due to the smaller error handle.
• evaluate: Avoiding deep clones of unmatched keyword values (e.g., title, description, examples) on every schema node evaluation by using Arc internally. Can be multiple times faster for schemas with large annotations.

v0.36.0

Added

• CLI: Structured --output flag|list|hierarchical modes now stream newline-delimited JSON records with schema/instance metadata plus JSON Schema Output v1 payloads (default text output remains human-readable).
• CLI: --errors-only flag to suppress successful validation output and only show failures.
• CLI: When invoked with only a schema file (no instances), validates the schema against its meta-schema. #​804
• New Validator::evaluate() API exposes JSON Schema Output v1 (flag/list/hierarchical) reports along with iterator helpers for annotations and errors.
• meta::validator_for() function to build validators for meta-schema validation with full Validator API access.
• Validator now implements Clone. #​809

Removed

• Validator::apply(), Output, and BasicOutput types have been removed in favor of the richer evaluate() API.

v0.35.0

Added

• Support for custom meta-schemas. Schemas with custom $schema URIs can now be used by registering their meta-schemas in the Registry via jsonschema::options().with_registry(). #​664
• arbitrary-precision feature for exact numeric validation of large integers and decimals beyond standard floating-point limits. #​103
• Support for HTTPS $schema URIs for drafts 04, 06, and 07 (e.g., https://json-schema.org/draft-07/schema). #​802

Changed

• BREAKING: meta::is_valid now panics for unknown $schema values instead of defaulting to Draft 2020-12. meta::validate returns an error for unknown $schema values. Use meta::options().with_registry() to validate schemas against custom meta-schemas.
• BREAKING: Resource::from_contents no longer returns Result and always succeeds, since draft detection no longer fails for unknown $schema values.

Removed

• BREAKING: meta::try_is_valid and meta::try_validate. Use meta::is_valid and meta::validate instead.
• BREAKING: primitive_type module (deprecated since 0.30.0). Use jsonschema::types instead.

Performance

• required: short-circuit when the instance object has fewer properties than required keys.

v0.34.0

Changed

• BREAKING: BasicOutput and Annotations no longer have lifetime parameters. Update type annotations from BasicOutput<'a> to BasicOutput and Annotations<'a> to Annotations.
• referencing: URI caching now avoids hash collisions and reduces lock contention.
• Update fluent-uri to 0.4.1.
• Bump MSRV to 1.83.0.
• Drop the Send + Sync bounds from Retrieve/AsyncRetrieve on wasm32.
• Use the new draftX::meta::validator() helper so meta-schema validators lazy-init on wasm32 while native targets keep borrowing the cached jsonschema::meta::MetaValidator.

Fixed

• Hostname and IDN hostname formats now decode xn-- labels, reject leading combining marks/uppercase prefixes, and enforce the latest JSON Schema punycode context rules.
• Restore wasm32-unknown-unknown support. #​785

Performance

• apply now reuses cached schema locations, URI fragments, and buffers for up to ~2.5x faster validation.
• Recursive and regular $ref compilation deduplicates validator nodes, which decreases the memory usage and improves performance.
• Validator compilation restores the regex cache for faster builds on regex-heavy schemas and precomputes absolute schema locations, trading a bit of compile time for faster apply on location-heavy workloads.
• Large schema compilation is significantly faster. #​755
• unevaluatedProperties validation is 25-35% faster through optimized property marking and early-exit paths.
• unevaluatedProperties memory usage drastically reduced by eliminating redundant registry clones during compilation.
• unevaluatedItems validation is ~10% faster through early-exit optimizations and eliminating redundant validations in combinators.

Removed

• BREAKING: Validator::config to reduce the memory footprint.
• BREAKING: Public DRAFT4_META_VALIDATOR, DRAFT6_META_VALIDATOR, DRAFT7_META_VALIDATOR, DRAFT201909_META_VALIDATOR, and DRAFT202012_META_VALIDATOR statics. Use draftX::meta::validator() helper functions instead (e.g., draft7::meta::validator()).

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone America/Los_Angeles, Automerge - "after 8am and before 4pm on tuesday" in timezone America/Los_Angeles.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by Renovate Bot.

[svc-secops]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path crates/apollo-mcp-server/Cargo.toml --package jsonschema@0.33.0 --precise 0.40.0
error: package ID specification `jsonschema@0.33.0` did not match any packages
help: there are similar package ID specifications:

  jsonschema@0.40.2

[apollo-librarian]

✅ Docs preview has no changes

The preview was not built because there were no changes.

Build ID: 9cd357410ffa73d51cd0e8f2
Build Logs: View logs