Skip to content

chore(deps): bump the cargo group across 2 directories with 6 updates#116

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/examples/cosmwasm/rust-optimizer/contract/cargo-6b07556f23
Open

chore(deps): bump the cargo group across 2 directories with 6 updates#116
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/examples/cosmwasm/rust-optimizer/contract/cargo-6b07556f23

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026

Bumps the cargo group with 1 update in the /examples/cosmwasm/workspace-optimizer/workspace directory: cosmwasm-std.
Bumps the cargo group with 3 updates in the /local-interchain/rust directory: tokio, bytes and openssl.

Updates serde-json-wasm from 0.5.1 to 0.5.2

Changelog

Sourced from serde-json-wasm's changelog.

[0.5.2] - 2024-01-23

  • Add recursion limit to deserialization (#64).

#64: CosmWasm/serde-json-wasm#64

Commits
  • 94bbc4a Update changelog
  • f86de19 Merge pull request #64 from CosmWasm/recursion-limit-0.5
  • 35c33c6 Fix typo
  • a9a9b9b Add recursion limit
  • be32160 Merge pull request #57 from CosmWasm/improve-serde_json-compatibility-testing
  • d98dab6 Update serde_json
  • b859f54 Remove comments about omitting None values
  • 6e11418 Improve serde_json compatibility testing
  • See full diff in compare view

Updates cosmwasm-std from 1.4.0 to 1.4.4

Release notes

Sourced from cosmwasm-std's releases.

v1.4.4

Attached there are some build artifacts generated at this tag. Those are for development purposes only! Please use crates.io to find the packages of this release.

v1.4.3

Attached there are some build artifacts generated at this tag. Those are for development purposes only! Please use crates.io to find the packages of this release.

v1.4.1

Attached there are some build artifacts generated at this tag. Those are for development purposes only! Please use crates.io to find the packages of this release.

Changelog

Sourced from cosmwasm-std's changelog.

[1.4.4]

Fixed

  • cosmwasm-std: Fix CWA-2024-002

Added

  • cosmwasm-std: Implement &T + T and &T op &T for Uint64, Uint128, Uint256 and Uint512; improve panic message for Uint64::add and Uint512::add (#2092)
  • cosmwasm-std: Add Uint{64,128,256,512}::strict_add and ::strict_sub which are like the Add/Sub implementations but const. (#2098, #2107)

#2092: CosmWasm/cosmwasm#2092 #2098: CosmWasm/cosmwasm#2098 #2107: CosmWasm/cosmwasm#2107

Changed

  • cosmwasm-vm: Read Region from Wasm memory as bytes and convert to Region afterwards (#2005)
  • cosmwasm-std: Let Timestamp::plus_nanos/::minus_nanos use Uint64::strict_add/::strict_sub and document overflows. (#2098, #2107)

#2005: CosmWasm/cosmwasm#2005 #2098: CosmWasm/cosmwasm#2098 #2107: CosmWasm/cosmwasm#2107

[1.4.3] - 2024-01-18

Fixed

  • cosmwasm-vm: Fix memory increase issue (1.3 -> 1.4 regression) by avoiding the use of a long running Wasmer Engine. (#1978)

#1978: CosmWasm/cosmwasm#1978

[1.4.2] - 2024-01-10

Fixed

  • cosmwasm-vm: Fix CWA-2023-004.

Added

  • cosmwasm-vm: Add constructor CacheOptions::new

[1.4.1] - 2023-10-09

... (truncated)

Commits

Updates serde-json-wasm from 0.5.1 to 0.5.2

Changelog

Sourced from serde-json-wasm's changelog.

[0.5.2] - 2024-01-23

  • Add recursion limit to deserialization (#64).

#64: CosmWasm/serde-json-wasm#64

Commits
  • 94bbc4a Update changelog
  • f86de19 Merge pull request #64 from CosmWasm/recursion-limit-0.5
  • 35c33c6 Fix typo
  • a9a9b9b Add recursion limit
  • be32160 Merge pull request #57 from CosmWasm/improve-serde_json-compatibility-testing
  • d98dab6 Update serde_json
  • b859f54 Remove comments about omitting None values
  • 6e11418 Improve serde_json compatibility testing
  • See full diff in compare view

Updates curve25519-dalek from 3.2.0 to 4.1.3

Release notes

Sourced from curve25519-dalek's releases.

v4.0.0-pre.5

curve25519-dalek is a library providing group operations on the Edwards and Montgomery forms of Curve25519, and on the prime-order Ristretto group.

Breaking changes in 4.0.0

  • Update the MSRV from 1.41 to 1.56.1
  • Update backend selection to be more automatic
  • Remove std feature flag
  • Remove nightly feature flag
  • Make digest an optional feature
  • Make rand_core an optional feature
  • Replace methods Scalar::{zero, one} with constants Scalar::{ZERO, ONE}
  • Scalar::from_canonical_bytes now returns CtOption
  • Scalar::is_canonical now returns Choice
  • Deprecate EdwardsPoint::hash_from_bytes and rename it EdwardsPoint::nonspec_map_to_curve
  • Require including a new trait, use curve25519_dalek::traits::BasepointTable whenever using EdwardsBasepointTable or RistrettoBasepointTable

This release also does a lot of dependency updates and relaxations to unblock upstream build issues.

Commits
  • 5312a03 curve: Bump version to 4.1.3 (#660)
  • b4f9e4d SECURITY: fix timing variability in backend/serial/u32/scalar.rs (#661)
  • 415892a SECURITY: fix timing variability in backend/serial/u64/scalar.rs (#659)
  • 56bf398 Updates license field to valid SPDX format (#647)
  • 9252fa5 Mitigate check-cfg until MSRV 1.77 (#652)
  • 1efe6a9 Fix a minor typo in signing.rs (#649)
  • cc3421a Indicate that the rand_core feature is required (#641)
  • 858c4ca Address new nightly clippy unnecessary qualifications (#639)
  • 31ccb67 Remove platforms in favor using CARGO_CFG_TARGET_POINTER_WIDTH (#636)
  • 19c7f4a Fix new nightly redundant import lint warns (#638)
  • Additional commits viewable in compare view

Updates tokio from 1.39.2 to 1.43.1

Release notes

Sourced from tokio's releases.

Tokio v1.43.0

1.43.0 (Jan 8th, 2025)

Added

  • net: add UdpSocket::peek methods (#7068)
  • net: add support for Haiku OS (#7042)
  • process: add Command::into_std() (#7014)
  • signal: add SignalKind::info on illumos (#6995)
  • signal: add support for realtime signals on illumos (#7029)

Fixed

  • io: don't call set_len before initializing vector in Blocking (#7054)
  • macros: suppress clippy::needless_return in #[tokio::main] (#6874)
  • runtime: fix thread parking on WebAssembly (#7041)

Changes

  • chore: use unsync loads for unsync_load (#7073)
  • io: use Buf::put_bytes in Repeat read impl (#7055)
  • task: drop the join waker of a task eagerly (#6986)

Changes to unstable APIs

  • metrics: improve flexibility of H2Histogram Configuration (#6963)
  • taskdump: add accessor methods for backtrace (#6975)

Documented

  • io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
  • net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
  • runtime: fix LocalRuntime doc links (#7074)
  • sync: extend documentation for watch::Receiver::wait_for (#7038)
  • sync: fix typos in OnceCell docs (#7047)

#6874: tokio-rs/tokio#6874 #6963: tokio-rs/tokio#6963 #6975: tokio-rs/tokio#6975 #6986: tokio-rs/tokio#6986 #6995: tokio-rs/tokio#6995 #7014: tokio-rs/tokio#7014 #7029: tokio-rs/tokio#7029 #7038: tokio-rs/tokio#7038 #7041: tokio-rs/tokio#7041 #7042: tokio-rs/tokio#7042 #7047: tokio-rs/tokio#7047 #7053: tokio-rs/tokio#7053 #7054: tokio-rs/tokio#7054 #7055: tokio-rs/tokio#7055

... (truncated)

Commits
  • a7b658c chore: prepare Tokio v1.43.1 release
  • c1c8d10 Merge remote-tracking branch 'origin/tokio-1.38.x' into forward-port-1.38.x
  • aa303bc chore: prepare Tokio v1.38.2 release
  • 7b6ccb5 chore: backport CI fixes
  • 4b174ce sync: fix cloning value when receiving from broadcast channel
  • 5f3296d chore: prepare Tokio v1.43.0 (#7079)
  • cc974a6 chore: prepare tokio-macros v2.5.0 (#7078)
  • 15495fd metrics: improve flexibility of H2Histogram Configuration (#6963)
  • ad41834 io: don't call set_len before initializing vector in Blocking (#7054)
  • bd3e857 runtime: move is_join_waker_set assertion in unset_waker (#7072)
  • Additional commits viewable in compare view

Updates bytes from 1.7.1 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

  • Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)

Bytes v1.10.1

1.10.1 (March 5th, 2025)

Fixed

  • Fix memory leak when using to_vec with Bytes::from_owner (#773)

#773: tokio-rs/bytes#773

Bytes v1.10.0

1.10.0 (February 3rd, 2025)

Added

  • Add feature to support platforms without atomic CAS (#467)
  • try_get_* methods for Buf trait (#753)
  • Implement Buf::chunks_vectored for Take (#617)
  • Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

  • Remove incorrect guarantee for chunks_vectored (#754)
  • Ensure that tests pass under panic=abort (#749)

... (truncated)

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

  • Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)

1.10.1 (March 5th, 2025)

Fixed

  • Fix memory leak when using to_vec with Bytes::from_owner (#773)

1.10.0 (February 3rd, 2025)

Added

  • Add feature to support platforms without atomic CAS (#467)
  • try_get_* methods for Buf trait (#753)
  • Implement Buf::chunks_vectored for Take (#617)
  • Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

  • Remove incorrect guarantee for chunks_vectored (#754)
  • Ensure that tests pass under panic=abort (#749)

1.9.0 (November 27, 2024)

Added

  • Add Bytes::from_owner to enable externally-allocated memory (#742)

Documented

... (truncated)

Commits

Updates openssl from 0.10.66 to 0.10.76

Release notes

Sourced from openssl's releases.

openssl-v0.10.76

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.75...openssl-v0.10.76

openssl-v0.10.75

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the cargo group across 2 directories with 6 updates
2fa36ee 
Bumps the cargo group with 1 update in the /examples/cosmwasm/workspace-optimizer/workspace directory: [cosmwasm-std](https://github.com/CosmWasm/cosmwasm).
Bumps the cargo group with 3 updates in the /local-interchain/rust directory: [tokio](https://github.com/tokio-rs/tokio), [bytes](https://github.com/tokio-rs/bytes) and [openssl](https://github.com/rust-openssl/rust-openssl).


Updates `serde-json-wasm` from 0.5.1 to 0.5.2
- [Changelog](https://github.com/CosmWasm/serde-json-wasm/blob/v0.5.2/CHANGELOG.md)
- [Commits](CosmWasm/serde-json-wasm@v0.5.1...v0.5.2)

Updates `cosmwasm-std` from 1.4.0 to 1.4.4
- [Release notes](https://github.com/CosmWasm/cosmwasm/releases)
- [Changelog](https://github.com/CosmWasm/cosmwasm/blob/v1.4.4/CHANGELOG.md)
- [Commits](CosmWasm/cosmwasm@v1.4.0...v1.4.4)

Updates `serde-json-wasm` from 0.5.1 to 0.5.2
- [Changelog](https://github.com/CosmWasm/serde-json-wasm/blob/v0.5.2/CHANGELOG.md)
- [Commits](CosmWasm/serde-json-wasm@v0.5.1...v0.5.2)

Updates `curve25519-dalek` from 3.2.0 to 4.1.3
- [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases)
- [Commits](dalek-cryptography/curve25519-dalek@3.2.0...curve25519-4.1.3)

Updates `tokio` from 1.39.2 to 1.43.1
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.39.2...tokio-1.43.1)

Updates `bytes` from 1.7.1 to 1.11.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.7.1...v1.11.1)

Updates `openssl` from 0.10.66 to 0.10.76
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.66...openssl-v0.10.76)

---
updated-dependencies:
- dependency-name: serde-json-wasm
  dependency-version: 0.5.2
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: cosmwasm-std
  dependency-version: 1.4.4
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: serde-json-wasm
  dependency-version: 0.5.2
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: curve25519-dalek
  dependency-version: 4.1.3
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: tokio
  dependency-version: 1.43.1
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: bytes
  dependency-version: 1.11.1
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.76
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies rust Pull requests that update rust code labels Mar 13, 2026
@dependabot dependabot bot mentioned this pull request Mar 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants