Skip to content

chore(deps): bump the cargo-dependencies group across 1 directory with 2 updates#252

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/contracts/cargo-dependencies-149848e934
Closed

chore(deps): bump the cargo-dependencies group across 1 directory with 2 updates#252
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/contracts/cargo-dependencies-149848e934

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the cargo-dependencies group with 2 updates in the /contracts directory: soroban-sdk and rand.

Updates soroban-sdk from 21.7.7 to 25.3.1

Release notes

Sourced from soroban-sdk's releases.

25.3.1

What's Changed

New Features

  • MuxedAddress now implements ScVal conversion traits and SorobanArbitrary, allowing it to be used as a field in #[contracttype] structs. (#1782)

Improvements

  • Compiler error for reserved type names in contract types: #[contracttype] definitions whose names collide with SDK built-in type names (e.g. Address, Bytes, Symbol) now produce a clear compile-time error instead of silently mapping to the built-in type in the contract spec. (#1788)
  • Using #[contractevent(data_format = "single-value")] with more than one data field now produces a clear compile-time error. (#1794)
  • #[contractimpl] macro now correctly resolves associated types in function return values (not just inputs), and emits clear compiler errors when it cannot resolve an associated type. (#1780)
  • LedgerSnapshot::write_file now writes to a temporary file before atomically replacing the destination, preventing corrupted snapshot files if serialization fails. (#1796)
  • Replaces regular subtraction with saturating_sub when computing max_ttl to guard against potential underflow from misconfiguration. (#1792)

Bug Fixes

  • Generated try_ client methods were always calling mock_all_auths() and ignoring the allow_non_root_auth flag, causing non-root auth to silently fail. They now correctly call mock_all_auths_allowing_non_root_auth() when the flag is set. (#1761)
  • Doc comment truncation could split multi-byte UTF-8 codepoints, producing invalid UTF-8 in the contract's spec XDR. Truncation now always occurs at a valid character boundary. (#1769)
  • The build.rs target check was evaluating against the host target instead of the compilation target, so the Rust version check never fired during cross-compilation. This could silently produce Wasm binaries with unsupported features. The error message now also recommends wasm32v1-none as the preferred target. (#1771)
  • Added checks in register_contract_with_source and register_stellar_asset_contract_v2 to prevent potential auth manager overrides. (#1803)

Documentation

  • Added documentation for the ToXdr and FromXdr traits. (#1767)
  • Improved documentation for Val conversion behavior in SDK collection types. (#1774)
  • Added documentation for the SHA-256 hash verification options available in contractimport! and contractfile! macros. (#1790)
  • Documented how #[contractimpl] determines the exported function names in the contract spec. (#1809)
  • Updated the Pausable trait doc examples to include access control patterns. (#1764)
  • Expanded documentation on how to use mock auth in test scenarios. (#1798)
  • Improved documentation for Poseidon hash functions. (#1816)

All Changes

... (truncated)

Commits
  • e50d95a Bump version to 25.3.1 (#1821)
  • 3198ec0 improve poseidon, poseidon2_permutation docs (#1816)
  • 7f894f4 Skip privacy-pools in soroban-examples CI (#1811)
  • c32bb7e Document #[contractimpl] export name behaviour (#1809)
  • 857c058 Fix panic safety in register_contract_with_source and register_stellar_asset_...
  • 022d7c5 Fix misc typos and doc links (#1804)
  • b92b36b Document contractimport! and contractfile! SHA-256 verification options (...
  • a589139 Add compiler error when reserved type names are used as contract types (#1788)
  • 8503832 Write to a temp file first during snapshot write_file (#1796)
  • 02431df Expand docs for mock auth usage in tests (#1798)
  • Additional commits viewable in compare view

Updates rand from 0.8.6 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

  • Document panic behavior of make_rng and add #[track_caller] (#1761)
  • Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

[0.10.0] - 2026-02-08

Changes

  • The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
  • Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
  • Use Edition 2024 and MSRV 1.85 (#1653)
  • Let Fill be implemented for element types, not sliceable types (#1652)
  • Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
  • Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
  • Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
  • Remove Clone support for StdRng, ReseedingRng (#1677)
  • Use postcard instead of bincode to test the serde feature (#1693)
  • Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
  • Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
  • Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

  • Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
  • Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
  • Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
  • Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

  • Removed ReseedingRng (#1722)
  • Removed unused feature "nightly" (#1732)
  • Removed feature small_rng (#1732)

#1632: rust-random/rand#1632 #1642: rust-random/rand#1642 #1649: rust-random/rand#1649 #1652: rust-random/rand#1652 #1653: rust-random/rand#1653 #1659: rust-random/rand#1659 #1665: rust-random/rand#1665 #1669: rust-random/rand#1669 #1674: rust-random/rand#1674 #1677: rust-random/rand#1677 #1693: rust-random/rand#1693 #1695: rust-random/rand#1695 #1697: rust-random/rand#1697

... (truncated)

Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 1, 2026

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title build(deps): bump the cargo-dependencies group in /contracts with 2 updates chore(deps): bump the cargo-dependencies group across 1 directory with 2 updates Apr 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/contracts/cargo-dependencies-149848e934 branch 2 times, most recently from 028feef to a0c7086 Compare April 27, 2026 23:58
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 28, 2026

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot
chore(deps): bump the cargo-dependencies group across 1 directory wit…
aa17067 
…h 2 updates

Bumps the cargo-dependencies group with 2 updates in the /contracts directory: [soroban-sdk](https://github.com/stellar/rs-soroban-sdk) and [rand](https://github.com/rust-random/rand).


Updates `soroban-sdk` from 21.7.7 to 25.3.1
- [Release notes](https://github.com/stellar/rs-soroban-sdk/releases)
- [Commits](stellar/rs-soroban-sdk@v21.7.7...v25.3.1)

Updates `rand` from 0.8.6 to 0.10.1
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.6...0.10.1)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.10.0
  dependency-type: direct:production
  dependency-group: cargo-dependencies
- dependency-name: soroban-sdk
  dependency-version: 25.3.0
  dependency-type: direct:production
  dependency-group: cargo-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/contracts/cargo-dependencies-149848e934 branch from a0c7086 to aa17067 Compare May 1, 2026 09:47
@wheval wheval closed this May 28, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 28, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/cargo/contracts/cargo-dependencies-149848e934 branch May 28, 2026 21:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wheval