chore(deps): bump the rust-dependencies group with 14 updates

[dependabot]

Bumps the rust-dependencies group with 14 updates:

Package	From	To
soroban-sdk	21.7.7	26.0.1
thiserror	1.0.69	2.0.18
z3	0.12.1	0.20.0
criterion	0.5.1	0.8.2
toml	0.8.23	1.1.2+spec-1.1.0
toml_edit	0.22.27	0.25.12+spec-1.1.0
colored	2.2.0	3.1.1
sha2	0.10.9	0.11.0
notify	6.1.1	8.2.0
notify-debouncer-mini	0.4.1	0.7.0
warp	0.3.7	0.4.3
md5	0.7.0	0.8.0
bolero	0.10.1	0.13.4
bolero-generator	0.10.2	0.13.5

Updates soroban-sdk from 21.7.7 to 26.0.1

Release notes

Sourced from soroban-sdk's releases.

26.0.1

What's Changed

Improvements

• Update docs clarifying guarantees of the Hash type (stellar/rs-soroban-sdk#1870)
• Surface env!/include! deps in contractmeta! to dep-info (stellar/rs-soroban-sdk#1872)
• Zero-copy improvement for U256 and I256 (stellar/rs-soroban-sdk#1867)

All Changes

• Set empty top-level permissions in claude-review by @​leighmcculloch in stellar/rs-soroban-sdk#1864
• Harden Claude review workflow by @​leighmcculloch in stellar/rs-soroban-sdk#1865
• Clarify guarantees for Hash by @​mootz12 in stellar/rs-soroban-sdk#1870
• Surface env!/include! deps in contractmeta! to dep-info by @​leighmcculloch in stellar/rs-soroban-sdk#1872
• Zero-copy improvement for U256 and I256 by @​dkcumming in stellar/rs-soroban-sdk#1867
• Bump version to 26.0.1 by @​github-actions[bot] in stellar/rs-soroban-sdk#1877

New Contributors

• @​dkcumming made their first contribution in stellar/rs-soroban-sdk#1867

Full Changelog: stellar/rs-soroban-sdk@v26.0.0...v26.0.1

v26.0.0

What's Changed

Breaking Changes

• Renamed assert_in_contract to debug_assert_in_contract — The assert_in_contract macro has been renamed to debug_assert_in_contract and hidden from public documentation, as it is intended for internal use only. The old name has been deprecated. (#1806)

• Removed deprecated token event format from soroban-token-sdk — The deprecated TokenUtils::events() helper, the legacy event module, and the Events wrapper have been removed. These were originally deprecated in v23. (#1822)

• Removed #[macro_export] from internal impl_bytesn_repr macro — This macro was only intended as an internal helper. Its public export has been removed. (#1829)

Deprecations

• Deprecate BLS/BN short type aliases and disambiguate Fr — bls12_381::Fr is renamed to Bls12381Fr and bn254::Fr is renamed to Bn254Fr, with the original names kept as deprecated aliases. The other BLS12-381 short aliases (G1Affine, G2Affine, Fp, Fp2) and the crypto::BnScalar re-export are also deprecated. Existing code continues to compile but will emit deprecation warnings pointing to the new names. This avoids a confusing case where a contract using bn254::Fr as a contract type would silently resolve to the BLS12-381 scalar in the spec mapping. (#1714)

New Features

• CAP-73 — Stellar Asset Contract trust() function: Enables the Stellar Asset Contract to create trustlines for classic G-accounts. The new trust() function creates an unlimited trustline for a specified address, requiring the recipient's authorization via require_auth. (#1814)

• CAP-78 — Limited TTL extensions on contract data: Introduces new TTL extension methods that allow developers to set explicit maximum limits on TTL extensions for persistent and instance storage entries. (#1807)

• CAP-79 — Muxed address strkey conversion: Adds host functions for converting between Stellar strkey format strings and muxed address objects (strkey_to_muxed_address and muxed_address_to_strkey). MuxedAddress now uses these for from_string and to_strkey. (#1745)

• CAP-80 — Additional BN254 and BLS12-381 host functions: Adds new functions for BN254 MSM, BN254 modular arithmetic, and curve membership checks for BLS12-381 and BN254. (#1745)

• CAP-82 — Checked arithmetic for 256-bit integers: Adds checked_{add, sub, mul, pow, div, rem_euclid, shl, shr} functions for 256-bit integer types. These return Option instead of trapping on overflow, allowing contracts to handle arithmetic errors gracefully. Also adds min_value and max_value helpers and == operator support for 256-bit number types. (#1801, #1823)

Improvements

... (truncated)

Commits

• f52b6aa Bump version to 26.0.1 (#1877)
• 0dd79fe Zero-copy improvement for U256 and I256 (#1867)
• 8be8f6e Surface env!/include! deps in contractmeta! to dep-info (#1872)
• 189fb6c Clarify guarantees for Hash (#1870)
• d6864d2 Harden Claude review workflow (#1865)
• b9110c9 Set empty top-level permissions in claude-review (#1864)
• e1bf74b Bump version to 26.0.0 (#1863)
• 026a1da Fix Result type generation for user-defined error enums named "Error" (#1862)
• 6b1e294 Update spec shaking v2 to keep alive subtype markers via reference (#1835)
• 568711d Document version support policy (#1855)
• Additional commits viewable in compare view

Updates thiserror from 1.0.69 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

2.0.17

• Use differently named __private module per patch release (#434)

2.0.16

• Add to "no-std" crates.io category (#429)

2.0.15

• Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

• Documentation improvements

2.0.12

• Prevent elidable_lifetime_names pedantic clippy lint in generated impl (#413)

2.0.11

• Add feature gate to tests that use std (#409, #410, thanks @​Maytha8)

2.0.10

• Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

• Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

• Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

• Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

2.0.3

• Support the same Path field being repeated in both Debug and Display representation in error message (#383)
• Improve error message when a format trait used in error message is not implemented by some field (#384)

2.0.2

... (truncated)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates z3 from 0.12.1 to 0.20.0

Commits

• See full diff in compare view

Updates criterion from 0.5.1 to 0.8.2

Release notes

Sourced from criterion's releases.

criterion-plot-v0.8.2

Other

• Update Readme

criterion-v0.8.2

Fixed

• don't build alloca on unsupported targets

Other

• (deps) bump crate-ci/typos from 1.40.0 to 1.43.0
• Fix panic with uniform iteration durations in benchmarks
• Update Readme
• Exclude development scripts from published package

criterion-plot-v0.8.1

Fixed

• Typo

criterion-v0.8.1

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

criterion-plot-v0.8.0

No release notes provided.

criterion-v0.8.0

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.

... (truncated)

Changelog

Sourced from criterion's changelog.

0.8.2 - 2026-02-04

Fixed

• don't build alloca on unsupported targets

Other

• (deps) bump crate-ci/typos from 1.40.0 to 1.43.0
• Fix panic with uniform iteration durations in benchmarks
• Update Readme
• Exclude development scripts from published package

0.8.1 - 2025-12-07

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

0.8.0 - 2025-11-29

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.
• Add doc comment to benchmark runner in criterion_group macro (removes linter warnings)

Fixed

• Fix plotting NaN bug

Other

• Remove Master API Docs links temporarily while we restore the docs publishing.

... (truncated)

Commits

• 7f0d745 chore: release v0.8.2
• 4a467ce chore(deps): bump crate-ci/typos from 1.40.0 to 1.43.0
• b277a75 Fix panic with uniform iteration durations in benchmarks
• 828af14 fix: don't build alloca on unsupported targets
• b01316b Update Readme
• 4c02a3b Exclude development scripts from published package
• e4e06df chore: release v0.8.1
• aa548b9 fix: Homepage link
• 950c3b7 fix: Typo
• 7e3e50c chore(deps): bump crate-ci/typos from 1.23.5 to 1.40.0
• Additional commits viewable in compare view

Updates toml from 0.8.23 to 1.1.2+spec-1.1.0

Commits

• a3d0047 chore: Release
• cc37615 docs: Update changelog
• 7f5e9e1 fix(parser): Consolidate invalid unquoted key into one error (#1138)
• 52feb90 fix(parser): Consolidate invalid unquoted key into one error
• aad85d4 chore(deps): Update j178/prek-action action to v2 (#1136)
• 8b1ac44 chore(deps): Update compatible (dev) (#1135)
• 9effd79 chore(deps): Update j178/prek-action action to v2
• 9db8aad chore: Release
• e55a663 docs: Update changelog
• c11d7d7 Optimisations (#1133)
• Additional commits viewable in compare view

Updates toml_edit from 0.22.27 to 0.25.12+spec-1.1.0

Commits

• c448b9a chore: Release
• 0a28873 docs: Update changelog
• 16ff687 fix(edit): Don't allow moving tables above root (#1166)
• 05fe0ce fix(edit): Don't allow moving tables above root
• a2d4bf4 test(edit): Show set_position bug
• 95dfe11 chore(deps): Update Prek to v0.4.3 (#1165)
• 1b37d98 chore(deps): Update Prek to v0.4.2 (#1164)
• ce874e7 chore: Update toml-test (#1163)
• f33ed68 chore: Update toml-test
• 1bf7c67 chore(deps): Update Prek to v0.4.1 (#1161)
• Additional commits viewable in compare view

Updates colored from 2.2.0 to 3.1.1

Release notes

Sourced from colored's releases.

v3.1.1

No release notes provided.

v3.1.0

No release notes provided.

v3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

Changelog

Sourced from colored's changelog.

Unreleased

• Added methods ansi_color and on_ansi_color to Colorize.

3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

Commits

• 5204a26 3.1.1
• 49392a3 Limit to 5 keywords
• b791685 3.1.0
• 9a83121 Allow windows-sys 0.61 to be used (#218)
• 192598d Clean up Colorize trait
• ec013ae chore: minor improvement for docs (#212)
• 5bc198b Replace 'ansi_term' dev-dependency with 'ansiterm' (#209)
• a21367d Allow windows-sys 0.60 to be used (#206)
• 9450fea Fix clippy warning (#207)
• 68761c1 README: use the latest v3.0 version for example (#204)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates notify from 6.1.1 to 8.2.0

Release notes

Sourced from notify's releases.

notify-8.2.0

notify 8.2.0 (2025-08-03)

• FEATURE: notify user if inotify's max_user_watches has been reached #698
• FIX: INotifyWatcher ignore events with unknown watch descriptors (instead of EventMask::Q_OVERFLOW) #700

#698: notify-rs/notify#698 #700: notify-rs/notify#700

debouncer-full 0.6.0 (2025-08-03)

• FEATURE: allow FileIdCache trait implementations to choose ownership of the returned file-ids #664
• FEATURE: added support for the flume crate #680
• FIX: skip all Modify events right after a Create event, unless it's a rename event #701

#664: notify-rs/notify#664 #680: notify-rs/notify#680 #701: notify-rs/notify#701

debouncer-mini 0.7.0 (2025-08-03)

• FEATURE: added support for the flume crate #680

file-id 0.2.3 (2025-08-03)

• CHANGE: implement AsRef<FileId> for FileId #664

Full Changelog: notify-rs/notify@notify-8.1.0...notify-8.2.0

notify v8.1.0

What's Changed

• Fix typo by @​mo8it in notify-rs/notify#667
• remove unused imports from documentation by @​20jasper in notify-rs/notify#669
• FileIdCache: Allow flexible handle instead of direct borrow for file ids by @​florian-g2 in notify-rs/notify#664
• Replace github ci workflow by @​dfaust in notify-rs/notify#675
• Add support for flume by @​RenDiego in notify-rs/notify#680
• docs: fix link for file id by @​ckaznable in notify-rs/notify#682
• Do not remove a filename twice by @​worr in notify-rs/notify#683
• Bump kqueue to 1.1.1 by @​worr in notify-rs/notify#684
• chore(ci): Use stable toolchain for rustfmt/clippy by @​JohnTitor in notify-rs/notify#689
• Make INotifyWatcher return the native PathNotFound error when watchin… by @​JanzenJohn in notify-rs/notify#686
• windows: Fix server hangs under some circumstance by @​JunkuiZhang in notify-rs/notify#674
• Remove filetime dependency by @​a1phyr in notify-rs/notify#690
• Update windows-sys to v0.60 by @​a1phyr in notify-rs/notify#691
• chore: Use MSRV for Clippy and rustfmt by @​JohnTitor in notify-rs/notify#694
• Do not clone paths while walking dirs by @​riberk in notify-rs/notify#693
• feat: introduce Watcher::paths_mut for adding/removing paths in batch by @​branchseer in notify-rs/notify#692
• fix: make PathsMut::commit consuming by @​branchseer in notify-rs/notify#695
• chore: Prepare 8.1.0 release by @​JohnTitor in notify-rs/notify#697

New Contributors

• @​mo8it made their first contribution in notify-rs/notify#667
• @​20jasper made their first contribution in notify-rs/notify#669
• @​florian-g2 made their first contribution in notify-rs/notify#664

... (truncated)

Changelog

Sourced from notify's changelog.

notify 8.2.0 (2025-08-03)

• FEATURE: notify user if inotify's max_user_watches has been reached #698
• FIX: INotifyWatcher ignore events with unknown watch descriptors (instead of EventMask::Q_OVERFLOW) #700

#698: notify-rs/notify#698 #700: notify-rs/notify#700

debouncer-full 0.6.0 (2025-08-03)

• FEATURE: allow FileIdCache trait implementations to choose ownership of the returned file-ids #664
• FEATURE: added support for the flume crate #680
• FIX: skip all Modify events right after a Create event, unless it's a rename event #701

#664: notify-rs/notify#664 #680: notify-rs/notify#680 #701: notify-rs/notify#701

debouncer-mini 0.7.0 (2025-08-03)

• FEATURE: added support for the flume crate #680

file-id 0.2.3 (2025-08-03)

• CHANGE: implement AsRef<FileId> for FileId #664

notify 8.1.0 (2025-07-03)

• FEATURE: added support for the flume crate
• FIX: kqueue-backend: do not double unwatch top-level directory when recursively unwatching #683
• FIX: Return the crate error PathNotFound instead bubbling up the std::io error #685
• FIX: fix server hangs when trashing folders on Windows #674

notify 8.0.0 (2025-01-10)

• CHANGE: update notify-types to version 2.0.0
• CHANGE: raise MSRV to 1.77 breaking
• FEATURE: add config option to disable following symbolic links #635
• FIX: unaligned access to FILE_NOTIFY_INFORMATION #647 breaking

#635: notify-rs/notify#635 #647: notify-rs/notify#647

notify-types 2.0.0 (2025-01-10)

• CHANGE: replace instant crate with web-time #652 breaking
• CHANGE: the web-time dependency is now behind the web-time feature breaking

#652: notify-rs/notify#652

debouncer-mini 0.6.0 (2025-01-10)

• CHANGE: update notify to version 8.0.0

debouncer-full 0.5.0 (2025-01-10)

... (truncated)

Commits

• a1d7c2d Prepare release (#706)
• c685ea7 Skip all Modify events right after a Create event, unless it's a rename e...
• e36d54e fix: INotifyWatcher may raise events with no paths (#700)
• 394ef18 feat(inotify): notify a user if the max_user_watches has been reached impli...
• 04473de chore: Prepare 8.1.0 release (#697)
• 12a026d fix: make PathsMut::commit consuming (#695)
• d824023 feat: introduce Watcher::paths_mut for adding/removing paths in batch (#692)
• b984134 Do not clone paths while walking dirs (#693)
• 416ba82 chore: Use MSRV for Clippy and rustfmt (#694)
• 10ce3ef Update windows-sys to v0.60 (#691)
• Additional commits viewable in compare view

Updates notify-debouncer-mini from 0.4.1 to 0.7.0

Release notes

Sourced from notify-debouncer-mini's releases.

notify-debouncer-full: v0.7.0

[!IMPORTANT] The MSRV policy has been changed since this release. Check out README for details.

• FEATURE: support wasm build #673
• FIX: events within the timeout were not deduplicated, causing event_handler to be called multiple times for events that should have been merged #711

#673: notify-rs/notify#673 #711: notify-rs/notify#711

Commits

• e4a0ea8 debouncer-full: prepare v0.7.0 release (#762)
• 1f47465 chore(deps): update rust crate windows-sys to 0.61.0 (#760)
• e268a17 chore(deps): update rust crate flume to 0.12.0 (#755)
• aa8b8c4 chore(deps): update rust crate mio to v1.1.1 (#753)
• e817c99 chore(deps): update rust crate insta to v1.46.1 (#756)
• 172217f chore(deps): update rust crate deser-hjson to v2.2.5 (#750)
• 42e87ae chore(deps): update rust crate serde_json to v1.0.149 (#754)
• a3a7304 chore(deps): update rust crate tempfile to v3.24.0 (#759)
• cb3043e chore(deps): update rust crate rand to 0.9.0 (#758)
• bb30ddf chore(deps): update rust crate nix to 0.30.0 (#757)
• Additional commits viewable in compare view

Updates warp from 0.3.7 to 0.4.3

Release notes

Sourced from warp's releases.

v0.4.1

Fixes:

• Fix Server::graceful() bounds incorrect requiring the filter to be a future.
• Enable tokio/net when the server feature is enabled.
• Render cfgs in the docs.

Full Changelog: seanmonstar/warp@v0.4.0...v0.4.1

v0.4.0

Changes:

• Upgrade to hyper, http, and http-body to v1.
• Remove multipart and websocket features from being enabled by default.
• Put warp::serve() behind a server feature, not enabled by default.
• Put warp::test behind a test feature, not enabled by default.
• Remove tls feature and types.
• Remove warp::addr filters.

Full Changelog: seanmonstar/warp@v0.3.7...v0.4.0

Changelog

Sourced from warp's changelog.

v0.4.3 (May 4, 2026)

• Features:
  • Re-implement addr::remote() filter from v0.3.x.
  • Implement From<&'static [u8]> for Body.
  • Add reply::stream() helper.
• Fixes:
  • Fix returning error from CORS if no request-method header.

v0.4.2 (August 19, 2025)

• Features:
  • Add support for passing UnixListener to incoming(listener).
• Fixes:
  • Reduce some dependencies when server is not enabled.

v0.4.1 (August 6, 2025)

• Fixes:
  • Fix Server::graceful() bounds incorrect requiring the filter to be a future.
  • Enable tokio/net when the server feature is enabled.
  • Render cfgs in the docs.

v0.4.0 (August 5, 2025)

• Changes:
  • Upgrade to hyper, http, and http-body to v1.
  • Remove multipart and websocket features from being enabled by default.
  • Put warp::serve() behind a server feature, not enabled by default.
  • Put warp::test behind a test feature, not enabled by default.
  • Remove tls feature and types.
  • Remove warp::addr filters.

Commits

• 707866c v0.4.3
• 418393d deps: update to tokio-tungstenite 0.29 (#1155)
• d7f6fdd fix(cors): don't error out if no request-method header in OPTIONS (#1158)
• de1ccd8 feat: reexpose Info::remote_addr() in log filter (#1151)
• 468f56b Provides warp::reply::stream (#1148)
• 7e86991 feat: reimplement warp::addr::remote() filter (#1149)
• 3449d3d feat: impl From\<&'static [u8]> for Body (#1144)
• dbb0d33 deps: update to tokio-tungstenite 0.28 (#1141)
• e7e2bb8 ci: update to actions/checkout@v5 (#1145)
• eaf00ef docs: replace doc_auto_cfg config with doc_cfg (#1142)
• Additional commits viewable in compare view

Updates md5 from 0.7.0 to 0.8.0

Commits

• See full diff in compare view

Updates bolero from 0.10.1 to 0.13.4

Commits

• See full diff in compare view

Updates bolero-generator from 0.10.2 to 0.13.5

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
sanctifier	Error		Jun 3, 2026 9:19am