chore(deps): bump cartog from 0.10.1 to 0.17.1

[dependabot]

Bumps cartog from 0.10.1 to 0.17.1.

Release notes

Sourced from cartog's releases.

v0.17.1

[0.17.1] - 2026-05-20

Bug Fixes

• db: Retry embedding-dimension migration on SQLITE_BUSY (a75dec0)
• rag: Detect provider/model swap, not just dimension change (c1a4112)
• serve,rag: Close race windows and stabilize embedding fingerprint (949ac43)
• db: Wrap migration writes in transactions + tighten schema-drift error (1a563f7)
• rag: Drop fingerprint reconcile from cartog rag search (f66b796)
• mcp: Harden promotion ordering, retry, validation, and cancellation (9e59f5b)
• Address inline review findings on PR #55 fixes (081cdfc)
• mcp: Poison-safe promotion + surface watcher_active in cartog_stats (9f157fe)

Documentation

• Spec + sync for single-writer MCP (bc2a747)
• Drop unsafe manual lock deletion + fix log copy + state_dir path (4d876b1)
• spec: Record review fixes + correct cartog rag search reconcile claim (8c01bde)

Features

• serve: SIGTERM-aware shutdown, PID-reuse-safe locks, quieter MCP logs (2904177)
• serve: Single-writer election via O_EXCL PID locks (c882021)
• db: Database::open_readonly for secondary cartog processes (56d220c)
• mcp: Attach read-only when another cartog process is primary (82c6f24)
• db,watch: Open_existing_rw + watcher skip flags for promotion (5d8fe84)
• mcp: Promote secondary to primary when watched holder dies (24c5c70)

v0.17.0

[0.17.0] - 2026-05-19

Bug Fixes

• indexer: Skip LSP edge resolution on no-op reindex (1d445bf)
• db: Keep target_id and resolution_state in sync across all UPDATE sites (264033b)

Documentation

• lsp: Clarify two-mode coverage in no-servers regression test (a0533f6)

Features

• db: Persist edge resolution_state, skip unresolvable in LSP pass (ccbbea3)

v0.16.2

[0.16.2] - 2026-05-19

v0.16.1

[0.16.1] - 2026-05-19

... (truncated)

Changelog

Sourced from cartog's changelog.

[0.17.1] - 2026-05-20

Bug Fixes

• Remove redundant clippy-flagged test assertion and enforce fmt/clippy in AGENTS.md (203825b)
• Format error (515cd67)
• extract: Capture calls in package-level var/const initializers (3735bd6)
• search: Rank definitions above variables/imports in search results (bdfa966)
• ci: Resolve gitleaks false positive on fixture fake API key (9ef398d)
• ci: Remove deprecated os and use cross binaries (5804ed5)
• skill: Add "show me" trigger patterns to cartog skill description (fe7020f)
• Update quinn-proto 0.11.13 -> 0.11.14 (RUSTSEC-2026-0037 DoS) (68b0399)
• Do exceed limit description (ecd612d)
• Address review findings — chunking, CTE, migration logging (3970e5c)
• Embedding chunking review — UTF-8 safety, false positive filters, docs (0907fee)
• plugin: Restore marketplace.json with distinct name (c477286)
• Let llm find skill direcotry (1505530)
• site: Restore feature-card transition, fix hover border-top override, revert unauthorized padding/radius (cd99119)
• site: Remove dead stats CSS rules, remove redundant install-options grid override (5f2078a)
• workspace: Mark library crates as publish = false, fix cargo-deny policy (53ae662)
• fixtures: Add standalone workspace to Rust fixture (072bf1c)
• publish: Add version to workspace deps and fix release pipeline (4b516dd)
• publish: Publish all workspace crates in dependency order (a724b96)
• publish: Enable crates.io publishing for all workspace crates (f453017)
• publish: Increase delay between crate publishes to 60s (a260010)
• ci: Upgrade GitHub Actions to Node.js 24 compatible versions (776bb2d)
• rag: Prevent silent vector index wipe and cache providers (51aad71)
• db: Preserve stored embedding dimension when caller passes default (9667a15)
• site: Correct stale #compare nav anchor to #why (2c9576f)
• db: Correct column mapping in search() and refs() queries (8f6f7ae)
• cli: Handle --kind all in search and changes commands (83d3fab)
• db: Wrap multi-statement deletes in transactions (45aca44)
• db: Add chunking guards and reorder migration (8fef1b1)
• indexer: Prevent symlink loops and fix dedup collision bug (e5acbc4)
• lsp: Detect EOF in read_headers to avoid infinite loop (ac0ea59)
• doctor: Improve robustness of health checks (7d3931c)
• mcp: Suppress dead_code warning on tool_router field (b123928)
• plugin: Remove .mcp.json to avoid duplicate MCP server with plugin (1bee808)
• plugin: Use CLAUDE_PLUGIN_ROOT for hook script path (0f91692)
• plugin: Remove invalid agents field from manifest (a5a6655)
• languages: Panic on multi-byte UTF-8 in markdown extractor (5d731d6)
• db: Wrap index_directory Phase 3 in a single transaction (e7d854b)
• db: Tighten transaction contract docs + e2e rollback test (7cf281d)
• plugin: Use semver compare in update check, not string equality (7cea701)
• self-update: Harden upgrade flow against post-swap edge cases (81eac1f)
• release: Publish cartog-process-lock to crates.io (76a2ba1)
• test: Work around Linux ETXTBSY in smoke_test unit tests (3596c58)
• skill: Print actionable install guide when cartog is missing (8feb09c)
• skill: Auto-install/update cartog binary against plugin version (6c5a296)
• skill: Defer cartog self update to SessionEnd to avoid peer-running deadlock (2e68387)

... (truncated)

Commits

• abbbbda chore: bump version to 0.17.1
• 5b08c39 Merge pull request #55 from jrollin/feat/single-writer-mcp
• 9f157fe fix(mcp): poison-safe promotion + surface watcher_active in cartog_stats
• 081cdfc fix: address inline review findings on PR #55 fixes
• 8c01bde docs(spec): record review fixes + correct cartog rag search reconcile claim
• 4d876b1 docs: drop unsafe manual lock deletion + fix log copy + state_dir path
• 9e59f5b fix(mcp): harden promotion ordering, retry, validation, and cancellation
• f66b796 fix(rag): drop fingerprint reconcile from cartog rag search
• 1a563f7 fix(db): wrap migration writes in transactions + tighten schema-drift error
• 949ac43 fix(serve,rag): close race windows and stabilize embedding fingerprint
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)