Skip to content

Bump the major group across 1 directory with 12 updates#1799

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/major-282d8fcdd9
Closed

Bump the major group across 1 directory with 12 updates#1799
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/major-282d8fcdd9

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 29, 2026
edited
Loading

Bumps the major group with 12 updates in the / directory:

Package From To
soroban-env-common 25.0.1 26.0.1
soroban-env-guest 25.0.1 26.0.1
soroban-env-host 25.0.1 26.0.1
stellar-xdr 25.0.0 26.0.0
rand 0.8.5 0.9.2
ctor 0.5.0 0.8.0
sha2 0.10.9 0.11.0
itertools 0.10.5 0.13.0
darling 0.20.10 0.23.0
macro-string 0.1.4 0.2.0
thiserror 1.0.63 2.0.18
wasmparser 0.116.1 0.221.3

Updates soroban-env-common from 25.0.1 to 26.0.1

Release notes

Sourced from soroban-env-common's releases.

26.0.1

What's Changed

Full Changelog: stellar/rs-soroban-env@v26.0.0...v26.0.1

26.0.0

What's Changed

Full Changelog: stellar/rs-soroban-env@v25.0.1...v26.0.0

25.2.1

What's Changed

Full Changelog: stellar/rs-soroban-env@v25.0.1...v25.2.1

Commits

Updates soroban-env-guest from 25.0.1 to 26.0.1

Release notes

Sourced from soroban-env-guest's releases.

26.0.1

What's Changed

Full Changelog: stellar/rs-soroban-env@v26.0.0...v26.0.1

26.0.0

What's Changed

Full Changelog: stellar/rs-soroban-env@v25.0.1...v26.0.0

25.2.1

What's Changed

Full Changelog: stellar/rs-soroban-env@v25.0.1...v25.2.1

Commits

Updates soroban-env-host from 25.0.1 to 26.0.1

Release notes

Sourced from soroban-env-host's releases.

26.0.1

What's Changed

Full Changelog: stellar/rs-soroban-env@v26.0.0...v26.0.1

26.0.0

What's Changed

Full Changelog: stellar/rs-soroban-env@v25.0.1...v26.0.0

25.2.1

What's Changed

Full Changelog: stellar/rs-soroban-env@v25.0.1...v25.2.1

Commits

Updates stellar-xdr from 25.0.0 to 26.0.0

Release notes

Sourced from stellar-xdr's releases.

26.0.0

What's Changed

New Contributors

Full Changelog: stellar/rs-stellar-xdr@v25.0.0...v26.0.0

25.0.1

What's Changed

Full Changelog: stellar/rs-stellar-xdr@v25.0.0...v25.0.1

Commits

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

  • Revise "not a crypto library" policy again (#1565)
  • Remove zerocopy dependency from rand (#1579)

Fixes

  • Fix feature simd_support for recent nightly rust (#1586)

Changes

  • Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

  • Add rand::distr::Alphabetic distribution. (#1587)
  • Re-export rand_core (#1604)

#1565: rust-random/rand#1565 #1579: rust-random/rand#1579 #1586: rust-random/rand#1586 #1587: rust-random/rand#1587 #1604: rust-random/rand#1604 #1623: rust-random/rand#1623 #1634: rust-random/rand#1634 #1646: rust-random/rand#1646

[0.9.0] - 2025-01-27

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)

... (truncated)

Commits

Updates ctor from 0.5.0 to 0.8.0

Commits

Updates sha2 from 0.10.9 to 0.11.0

Commits

Updates itertools from 0.10.5 to 0.13.0

Changelog

Sourced from itertools's changelog.

0.13.0

Breaking

  • Removed implementation of DoubleEndedIterator for ConsTuples (#853)
  • Made MultiProduct fused and fixed on an empty iterator (#835, #834)
  • Changed iproduct! to return tuples for maxi one iterator too (#870)
  • Changed PutBack::put_back to return the old value (#880)
  • Removed deprecated repeat_call, Itertools::{foreach, step, map_results, fold_results} (#878)
  • Removed TakeWhileInclusive::new (#912)

Added

  • Added Itertools::{smallest_by, smallest_by_key, largest, largest_by, largest_by_key} (#654, #885)
  • Added Itertools::tail (#899)
  • Implemented DoubleEndedIterator for ProcessResults (#910)
  • Implemented Debug for FormatWith (#931)
  • Added Itertools::get (#891)

Changed

  • Deprecated Itertools::group_by (renamed chunk_by) (#866, #879)
  • Deprecated unfold (use std::iter::from_fn instead) (#871)
  • Optimized GroupingMapBy (#873, #876)
  • Relaxed Fn bounds to FnMut in diff_with, Itertools::into_group_map_by (#886)
  • Relaxed Debug/Clone bounds for MapInto (#889)
  • Documented the use_alloc feature (#887)
  • Optimized Itertools::set_from (#888)
  • Removed badges in README.md (#890)
  • Added "no-std" categories in Cargo.toml (#894)
  • Fixed Itertools::k_smallest on short unfused iterators (#900)
  • Deprecated Itertools::tree_fold1 (renamed tree_reduce) (#895)
  • Deprecated GroupingMap::fold_first (renamed reduce) (#902)
  • Fixed Itertools::k_smallest(0) to consume the iterator, optimized Itertools::k_smallest(1) (#909)
  • Specialized Combinations::nth (#914)
  • Specialized MergeBy::fold (#920)
  • Specialized CombinationsWithReplacement::nth (#923)
  • Specialized FlattenOk::{fold, rfold} (#927)
  • Specialized Powerset::nth (#924)
  • Documentation fixes (#882, #936)
  • Fixed assert_equal for iterators longer than i32::MAX (#932)
  • Updated the must_use message of non-lazy KMergeBy and TupleCombinations (#939)

Notable Internal Changes

  • Tested iterator laziness (#792)
  • Created CONTRIBUTING.md (#767)

0.12.1

Added

  • Documented iteration order guarantee for Itertools::[tuple_]combinations (#822)
  • Documented possible panic in iterate (#842)
  • Implemented Clone and Debug for Diff (#845)

... (truncated)

Commits
  • d5084d1 Prepare v0.13.0 release (#937)
  • d7c99d5 TupleCombinations is not lazy but must be used nonetheless
  • 074c7fc KMergeBy is not lazy but must be used nonetheless
  • 2ad9e07 assert_equal: fix clippy::default_numeric_fallback
  • 0d4efc8 Remove free function get
  • 05cc0ee get(s..=usize::MAX) should be fine when s != 0
  • 3c16f14 get: when is it ESI and/or DEI
  • 4dd6ba0 get: panics if the range includes usize::MAX
  • 7a9ce56 get(r: Range) as Skip\<Take>
  • f676f2f Remove the unspecified check about .get(exhausted_range_inclusive)
  • Additional commits viewable in compare view

Updates darling from 0.20.10 to 0.23.0

Release notes

Sourced from darling's releases.

v0.23.0

  • Bump MSRV to 1.88.0; there have been no code changes that caused this, but due to dependency issues CI no longer works on 1.56.0 #357
  • Revert dependency version pins which caused problems #385

v0.22.0

YANKED Pinned dependencies made this version cause conflicts with other crates.

  • BREAKING: Remove fnv dependency, as runtime performance gain does not justify additional dependency. This was exposed to users of darling::usage, so it may be breaking for them #373
  • Add #[darling(default = || expr(val))] support, allowing a closure where a path was previously required #380
  • Preserve span information for paths given to darling::util::Callable as literal strings
  • Fix some documentation typos

v0.21.3

  • Fix: Forward Override::<T>::from_expr to T::from_expr #371

v0.21.2

  • Add #[darling(from_expr = ...)] when deriving FromMeta to support overriding the key-value form #369
  • Keep parsing the body and type params even if there are errors from parsing attributes. #7
  • Support #[darling(with = ...)] on the generics field when deriving FromDeriveInput.
  • Return an error, rather than panicking, when doing shape validation on a union. #365

v0.21.1

  • Track all alternate field names, and show them in error message if there aren't too many. #325
  • Track all alternate values for enum variants, and show them in error messages if there aren't too many. #362

v0.21.0

  • Potentially breaking: Emit error when an attribute path is present in both attributes and forward_attrs. #336
  • Support parsing attributes which contain keywords #238
  • Add SpannedValue::into_inner #342
  • Add #[darling(derive_syn_parse)] to also impl syn::parse::Parse when deriving FromMeta #285
  • Make impl FromMeta for syn::TypePath support both quote-wrapped and bare values #351
  • Add util::PreservedStrExpr #346
  • Impl UsesTypeParams and UsesLifetimes for WithOriginal #215
  • Update error message emitted by <() as FromMeta>::from_list to allow use of () as a #[darling(flatten)] target #353

...

Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 29, 2026
@dependabot dependabot bot requested review from Copilot and removed request for Copilot March 29, 2026 02:09
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 29, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedthiserror@​1.0.63 ⏵ 2.0.188010093100100
Addedwasmparser@​0.221.38210093100100
Addedsoroban-env-host@​26.0.186100100100100
Addedsoroban-env-common@​26.0.191100100100100
Addedstellar-xdr@​26.0.093100100100100
Addedctor@​0.8.010010093100100
Addedmacro-string@​0.2.09910093100100
Addedrand@​0.9.210010093100100
Addedsha2@​0.11.010010093100100
Addedsoroban-env-guest@​26.0.110010093100100
Updateddarling@​0.20.10 ⏵ 0.23.010010093100100

View full report

Copilot AI review requested due to automatic review settings April 5, 2026 02:10
@dependabot dependabot bot force-pushed the dependabot/cargo/major-282d8fcdd9 branch from 706cadd to 4700d76 Compare April 5, 2026 02:10
@dependabot dependabot bot review requested due to automatic review settings April 5, 2026 02:10
@dependabot
Bump the major group across 1 directory with 12 updates
8e3aa95 
Bumps the major group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [soroban-env-common](https://github.com/stellar/rs-soroban-env) | `25.0.1` | `26.0.1` |
| [soroban-env-guest](https://github.com/stellar/rs-soroban-env) | `25.0.1` | `26.0.1` |
| [soroban-env-host](https://github.com/stellar/rs-soroban-env) | `25.0.1` | `26.0.1` |
| [stellar-xdr](https://github.com/stellar/rs-stellar-xdr) | `25.0.0` | `26.0.0` |
| [rand](https://github.com/rust-random/rand) | `0.8.5` | `0.9.2` |
| [ctor](https://github.com/mmastrac/rust-ctor) | `0.5.0` | `0.8.0` |
| [sha2](https://github.com/RustCrypto/hashes) | `0.10.9` | `0.11.0` |
| [itertools](https://github.com/rust-itertools/itertools) | `0.10.5` | `0.13.0` |
| [darling](https://github.com/TedDriggs/darling) | `0.20.10` | `0.23.0` |
| [macro-string](https://github.com/dtolnay/macro-string) | `0.1.4` | `0.2.0` |
| [thiserror](https://github.com/dtolnay/thiserror) | `1.0.63` | `2.0.18` |
| [wasmparser](https://github.com/bytecodealliance/wasm-tools) | `0.116.1` | `0.221.3` |



Updates `soroban-env-common` from 25.0.1 to 26.0.1
- [Release notes](https://github.com/stellar/rs-soroban-env/releases)
- [Commits](stellar/rs-soroban-env@v25.0.1...v26.0.1)

Updates `soroban-env-guest` from 25.0.1 to 26.0.1
- [Release notes](https://github.com/stellar/rs-soroban-env/releases)
- [Commits](stellar/rs-soroban-env@v25.0.1...v26.0.1)

Updates `soroban-env-host` from 25.0.1 to 26.0.1
- [Release notes](https://github.com/stellar/rs-soroban-env/releases)
- [Commits](stellar/rs-soroban-env@v25.0.1...v26.0.1)

Updates `stellar-xdr` from 25.0.0 to 26.0.0
- [Release notes](https://github.com/stellar/rs-stellar-xdr/releases)
- [Commits](stellar/rs-stellar-xdr@v25.0.0...v26.0.0)

Updates `rand` from 0.8.5 to 0.9.2
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...rand_core-0.9.2)

Updates `ctor` from 0.5.0 to 0.8.0
- [Commits](https://github.com/mmastrac/rust-ctor/commits)

Updates `sha2` from 0.10.9 to 0.11.0
- [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0)

Updates `itertools` from 0.10.5 to 0.13.0
- [Changelog](https://github.com/rust-itertools/itertools/blob/master/CHANGELOG.md)
- [Commits](rust-itertools/itertools@v0.10.5...v0.13.0)

Updates `darling` from 0.20.10 to 0.23.0
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](TedDriggs/darling@v0.20.10...v0.23.0)

Updates `macro-string` from 0.1.4 to 0.2.0
- [Release notes](https://github.com/dtolnay/macro-string/releases)
- [Commits](dtolnay/macro-string@0.1.4...0.2.0)

Updates `thiserror` from 1.0.63 to 2.0.18
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@1.0.63...2.0.18)

Updates `wasmparser` from 0.116.1 to 0.221.3
- [Release notes](https://github.com/bytecodealliance/wasm-tools/releases)
- [Commits](https://github.com/bytecodealliance/wasm-tools/commits)

---
updated-dependencies:
- dependency-name: soroban-env-common
  dependency-version: 26.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: soroban-env-guest
  dependency-version: 26.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: soroban-env-host
  dependency-version: 26.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: stellar-xdr
  dependency-version: 26.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: rand
  dependency-version: 0.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: ctor
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: sha2
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: itertools
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: darling
  dependency-version: 0.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: macro-string
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
- dependency-name: thiserror
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: wasmparser
  dependency-version: 0.221.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/major-282d8fcdd9 branch from 4700d76 to 8e3aa95 Compare April 6, 2026 15:02
@dependabot dependabot bot requested review from Copilot and removed request for Copilot April 6, 2026 15:02
@dependabot @github
Copy link
Copy Markdown
Author

dependabot bot commented on behalf of github Apr 8, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Apr 8, 2026
@dependabot dependabot bot deleted the dependabot/cargo/major-282d8fcdd9 branch April 8, 2026 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants