chore(deps): bump the rust-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the rust-dependencies group with 13 updates in the / directory:

Package	From	To
soroban-sdk	21.7.7	25.3.1
thiserror	1.0.69	2.0.18
z3	0.12.1	0.20.0
criterion	0.5.1	0.8.2
clap	4.6.0	4.6.1
toml	0.8.23	1.1.2+spec-1.1.0
tokio	1.50.0	1.52.0
colored	2.2.0	3.1.1
rayon	1.11.0	1.12.0
sha2	0.10.9	0.11.0
jsonschema	0.18.3	0.46.0
bolero	0.10.1	0.13.4
bolero-generator	0.10.2	0.13.5

Updates soroban-sdk from 21.7.7 to 25.3.1

Release notes

Sourced from soroban-sdk's releases.

25.3.1

What's Changed

New Features

• MuxedAddress now implements ScVal conversion traits and SorobanArbitrary, allowing it to be used as a field in #[contracttype] structs. (#1782)

Improvements

• Compiler error for reserved type names in contract types: #[contracttype] definitions whose names collide with SDK built-in type names (e.g. Address, Bytes, Symbol) now produce a clear compile-time error instead of silently mapping to the built-in type in the contract spec. (#1788)
• Using #[contractevent(data_format = "single-value")] with more than one data field now produces a clear compile-time error. (#1794)
• #[contractimpl] macro now correctly resolves associated types in function return values (not just inputs), and emits clear compiler errors when it cannot resolve an associated type. (#1780)
• LedgerSnapshot::write_file now writes to a temporary file before atomically replacing the destination, preventing corrupted snapshot files if serialization fails. (#1796)
• Replaces regular subtraction with saturating_sub when computing max_ttl to guard against potential underflow from misconfiguration. (#1792)

Bug Fixes

• Generated try_ client methods were always calling mock_all_auths() and ignoring the allow_non_root_auth flag, causing non-root auth to silently fail. They now correctly call mock_all_auths_allowing_non_root_auth() when the flag is set. (#1761)
• Doc comment truncation could split multi-byte UTF-8 codepoints, producing invalid UTF-8 in the contract's spec XDR. Truncation now always occurs at a valid character boundary. (#1769)
• The build.rs target check was evaluating against the host target instead of the compilation target, so the Rust version check never fired during cross-compilation. This could silently produce Wasm binaries with unsupported features. The error message now also recommends wasm32v1-none as the preferred target. (#1771)
• Added checks in register_contract_with_source and register_stellar_asset_contract_v2 to prevent potential auth manager overrides. (#1803)

Documentation

• Added documentation for the ToXdr and FromXdr traits. (#1767)
• Improved documentation for Val conversion behavior in SDK collection types. (#1774)
• Added documentation for the SHA-256 hash verification options available in contractimport! and contractfile! macros. (#1790)
• Documented how #[contractimpl] determines the exported function names in the contract spec. (#1809)
• Updated the Pausable trait doc examples to include access control patterns. (#1764)
• Expanded documentation on how to use mock auth in test scenarios. (#1798)
• Improved documentation for Poseidon hash functions. (#1816)

All Changes

• Add comment for future EnvTestConfig API privatization by @​leighmcculloch in stellar/rs-soroban-sdk#1752
• Fix try_ client ignoring allow_non_root_auth flag by @​leighmcculloch in stellar/rs-soroban-sdk#1761
• Add access control to Pausable trait examples by @​leighmcculloch in stellar/rs-soroban-sdk#1764
• Document ToXdr and FromXdr traits by @​leighmcculloch in stellar/rs-soroban-sdk#1767
• Fix rust and wasm target check for sdk by @​leighmcculloch in stellar/rs-soroban-sdk#1771
• Improve docs around Val conversion in collections by @​mootz12 in stellar/rs-soroban-sdk#1774
• Add ScVal conversion and SorobanArbitrary impls for MuxedAddress by @​mootz12 in stellar/rs-soroban-sdk#1782
• Improve parsing for associated type usage and add better errors for unsupported patterns by @​mootz12 in stellar/rs-soroban-sdk#1780
• Fix docs_from_attrs truncating mid-UTF-8 codepoint by @​leighmcculloch in stellar/rs-soroban-sdk#1769
• chore: use saturating sub with max_ttl computation by @​mootz12 in stellar/rs-soroban-sdk#1792
• Add compiler error when single value event used with multiple data entries by @​mootz12 in stellar/rs-soroban-sdk#1794
• Expand docs for mock auth usage in tests by @​mootz12 in stellar/rs-soroban-sdk#1798
• Write to a temp file first during snapshot write_file by @​mootz12 in stellar/rs-soroban-sdk#1796
• Add compiler error when reserved type names are used as contract types by @​mootz12 in stellar/rs-soroban-sdk#1788
• Document contractimport! and contractfile! SHA-256 verification options by @​mootz12 in stellar/rs-soroban-sdk#1790
• Fix panic safety in register_contract_with_source and register_stellar_asset_contract_v2 by @​mootz12 in stellar/rs-soroban-sdk#1803
• Fix misc typos and doc links by @​mootz12 in stellar/rs-soroban-sdk#1804
• Document #[contractimpl] export name behaviour by @​leighmcculloch in stellar/rs-soroban-sdk#1809
• Skip privacy-pools in soroban-examples CI by @​leighmcculloch in stellar/rs-soroban-sdk#1811
• improve poseidon, poseidon2_permutation docs by @​jayz22 in stellar/rs-soroban-sdk#1816
• Bump version to 25.3.1 by @​github-actions[bot] in stellar/rs-soroban-sdk#1821

... (truncated)

Commits

• e50d95a Bump version to 25.3.1 (#1821)
• 3198ec0 improve poseidon, poseidon2_permutation docs (#1816)
• 7f894f4 Skip privacy-pools in soroban-examples CI (#1811)
• c32bb7e Document #[contractimpl] export name behaviour (#1809)
• 857c058 Fix panic safety in register_contract_with_source and register_stellar_asset_...
• 022d7c5 Fix misc typos and doc links (#1804)
• b92b36b Document contractimport! and contractfile! SHA-256 verification options (...
• a589139 Add compiler error when reserved type names are used as contract types (#1788)
• 8503832 Write to a temp file first during snapshot write_file (#1796)
• 02431df Expand docs for mock auth usage in tests (#1798)
• Additional commits viewable in compare view

Updates thiserror from 1.0.69 to 2.0.18

Release notes

Sourced from thiserror's releases.

2.0.18

• Make compatible with project-level needless_lifetimes = "forbid" (#443, thanks @​LucaCappelletti94)

2.0.17

• Use differently named __private module per patch release (#434)

2.0.16

• Add to "no-std" crates.io category (#429)

2.0.15

• Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

• Documentation improvements

2.0.12

• Prevent elidable_lifetime_names pedantic clippy lint in generated impl (#413)

2.0.11

• Add feature gate to tests that use std (#409, #410, thanks @​Maytha8)

2.0.10

• Support errors containing a generic type parameter's associated type in a field (#408)

2.0.9

• Work around missing_inline_in_public_items clippy restriction being triggered in macro-generated code (#404)

2.0.8

• Improve support for macro-generated derive(Error) call sites (#399)

2.0.7

• Work around conflict with #[deny(clippy::allow_attributes)] (#397, thanks @​zertosh)

2.0.6

• Suppress deprecation warning on generated From impls (#396)

2.0.5

• Prevent deprecation warning on generated impl for deprecated type (#394)

2.0.4

• Eliminate needless_lifetimes clippy lint in generated From impls (#391, thanks @​matt-phylum)

2.0.3

• Support the same Path field being repeated in both Debug and Display representation in error message (#383)
• Improve error message when a format trait used in error message is not implemented by some field (#384)

2.0.2

... (truncated)

Commits

• dc0f6a2 Release 2.0.18
• 0275292 Touch up PR 443
• 3c33bc6 Merge pull request #443 from LucaCappelletti94/master
• 995939c Reproduce issue 442
• 21653d1 Made clippy lifetime allows conditional
• 45e5388 Update actions/upload-artifact@v5 -> v6
• 386aac1 Update actions/upload-artifact@v4 -> v5
• ec50561 Update actions/checkout@v5 -> v6
• 247eab5 Update name of empty_enum clippy lint
• 91b181f Raise required compiler to Rust 1.68
• Additional commits viewable in compare view

Updates z3 from 0.12.1 to 0.20.0

Commits

• See full diff in compare view

Updates criterion from 0.5.1 to 0.8.2

Release notes

Sourced from criterion's releases.

criterion-plot-v0.8.2

Other

• Update Readme

criterion-v0.8.2

Fixed

• don't build alloca on unsupported targets

Other

• (deps) bump crate-ci/typos from 1.40.0 to 1.43.0
• Fix panic with uniform iteration durations in benchmarks
• Update Readme
• Exclude development scripts from published package

criterion-plot-v0.8.1

Fixed

• Typo

criterion-v0.8.1

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

criterion-plot-v0.8.0

No release notes provided.

criterion-v0.8.0

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.

... (truncated)

Changelog

Sourced from criterion's changelog.

0.8.2 - 2026-02-04

Fixed

• don't build alloca on unsupported targets

Other

• (deps) bump crate-ci/typos from 1.40.0 to 1.43.0
• Fix panic with uniform iteration durations in benchmarks
• Update Readme
• Exclude development scripts from published package

0.8.1 - 2025-12-07

Fixed

• Homepage link

Other

• (deps) bump crate-ci/typos from 1.23.5 to 1.40.0
• (deps) bump jontze/action-mdbook from 3 to 4
• (deps) bump actions/checkout from 4 to 6

0.8.0 - 2025-11-29

BREAKING

• Drop async-std support

Changed

• Bump MSRV to 1.86, stable to 1.91.1

Added

• Add ability to plot throughput on summary page.
• Add support for reporting throughput in elements and bytes - Throughput::ElementsAndBytes allows the text summary to report throughput in both units simultaneously.
• Add alloca-based memory layout randomisation to mitigate memory effects on measurements.
• Add doc comment to benchmark runner in criterion_group macro (removes linter warnings)

Fixed

• Fix plotting NaN bug

Other

• Remove Master API Docs links temporarily while we restore the docs publishing.

... (truncated)

Commits

• 7f0d745 chore: release v0.8.2
• 4a467ce chore(deps): bump crate-ci/typos from 1.40.0 to 1.43.0
• b277a75 Fix panic with uniform iteration durations in benchmarks
• 828af14 fix: don't build alloca on unsupported targets
• b01316b Update Readme
• 4c02a3b Exclude development scripts from published package
• e4e06df chore: release v0.8.1
• aa548b9 fix: Homepage link
• 950c3b7 fix: Typo
• 7e3e50c chore(deps): bump crate-ci/typos from 1.23.5 to 1.40.0
• Additional commits viewable in compare view

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates toml from 0.8.23 to 1.1.2+spec-1.1.0

Commits

• a3d0047 chore: Release
• cc37615 docs: Update changelog
• 7f5e9e1 fix(parser): Consolidate invalid unquoted key into one error (#1138)
• 52feb90 fix(parser): Consolidate invalid unquoted key into one error
• aad85d4 chore(deps): Update j178/prek-action action to v2 (#1136)
• 8b1ac44 chore(deps): Update compatible (dev) (#1135)
• 9effd79 chore(deps): Update j178/prek-action action to v2
• 9db8aad chore: Release
• e55a663 docs: Update changelog
• c11d7d7 Optimisations (#1133)
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.52.0

Release notes

Sourced from tokio's releases.

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029 #8030: tokio-rs/tokio#8030 #8035: tokio-rs/tokio#8035 #8040: tokio-rs/tokio#8040

Tokio v1.51.1

1.51.1 (April 8th, 2026)

Fixed

• sync: fix semaphore reopens after forget (#8021)
• net: surface errors from SO_ERROR on recv for UDP sockets on Linux (#8001)

... (truncated)

Commits

• 5f7be0a chore: perpare 1.52.0 (#8045)
• 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
• f943312 fs: support io-uring in AsyncRead for File (#7907)
• 5db10f5 net: add 'try_io' function to 'unix::pipe' sender and receiver types (#8030)
• bbdba71 taskdump: add trace_with for customized task dumps (#8025)
• 7cfce54 ci: update FreeBSD image to 14.4 (#8038)
• 81370e6 net: add docs on ConnectionRefused errors with udp sockets (#7870)
• 203af02 runtime: overflow second half of tasks when local queue is filled instead of ...
• de23092 net: temporarily disable tcp_stream try_read_buf test on WASI (#8036)
• 432ec3f sync: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• Additional commits viewable in compare view

Updates colored from 2.2.0 to 3.1.1

Release notes

Sourced from colored's releases.

v3.1.1

No release notes provided.

v3.1.0

No release notes provided.

v3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

Changelog

Sourced from colored's changelog.

Unreleased

• Added methods ansi_color and on_ansi_color to Colorize.

3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

Commits

• 5204a26 3.1.1
• 49392a3 Limit to 5 keywords
• b791685 3.1.0
• 9a83121 Allow windows-sys 0.61 to be used (#218)
• 192598d Clean up Colorize trait
• ec013ae chore: minor improvement for docs (#212)
• 5bc198b Replace 'ansi_term' dev-dependency with 'ansiterm' (#209)
• a21367d Allow windows-sys 0.60 to be used (#206)
• 9450fea Fix clippy warning (#207)
• 68761c1 README: use the latest v3.0 version for example (#204)
• Additional commits viewable in compare view

Updates rayon from 1.11.0 to 1.12.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.12.0 (2026-04-13)

• Fixed a bug in parallel Range<char> when the end is 0xE000, just past the surrogate boundary, which was unsafely producing invalid char values.
• The new method ParallelSlice::par_array_windows works like par_windows but with a constant length, producing &[T; N] items.

Commits

• 7449d7d Merge #1093
• b3d9e3f Release rayon 1.8.0 and rayon-core 1.12.0
• 3fe51e5 Fix clippy::let_and_return
• 082f215 Merge #1087
• ea0c06d core: registry: Factor out "wait till out of work" part of the main loop.
• 75524e2 Merge #1063
• 01d2800 Ignore the multi-threaded test on emscripten/wasm
• 40b59c0 core: Make use_current_thread error rather than panic when already in the pool.
• f4db4d7 core: tests: Add some basic tests for ThreadPoolBuilder::use_current_thread.
• 87274ad core: registry: Add some more documentation for ThreadPoolBuilder::use_curren...
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates jsonschema from 0.18.3 to 0.46.0

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.46.0

Added

• Accept JSON strings in validator_cls_for.
• Resolver and Resolved types for programmatic schema resolution.
• dereference function to recursively inline $ref references. #422
• ValidatorMap for validating instances against subschemas identified by URI-fragment JSON pointer. #1075

Fixed

• Compilation error on wasm32 targets. #1093

Performance

• Avoid registry clones and document clones during validator construction. This improves real-world schema compilation by roughly 10-20% in internal benchmarks.

[Ruby] Release 0.46.0

Added

• Accept JSON strings in validator_cls_for.
• Resolver and Resolved types for programmatic schema resolution.
• dereference function to recursively inline $ref references. #422
• ValidatorMap for validating instances against subschemas identified by URI-fragment JSON pointer. #1075

Performance

• Avoid registry clones and document clones during validator construction. This improves real-world schema compilation by roughly 10-20% in internal benchmarks.

[Rust] Release 0.46.0

Added

• ValidatorMap for validating instances against subschemas identified by URI-fragment JSON pointer. #1075
• CLI: Accept multiple values after -i/--instance (e.g. jsonschema validate schema.json -i *.json). #1085
• dereference function to recursively inline $ref references. #422
• CLI: jsonschema dereference subcommand to dereference a schema from the command line.

Breaking Changes

• Registry construction now uses an explicit prepare step, and with_registry now borrows the prepared registry. ValidationOptions::with_resource and ValidationOptions::with_resources were removed in favor of building a Registry first. See the Migration Guide for the details.

Performance

• Avoid registry clones and document clones during validator construction. This improves real-world schema compilation by roughly 10-20% in internal benchmarks.

[Python] Release 0.45.1

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

... (truncated)

Changelog

Sourced from jsonschema's changelog.

[0.46.0] - 2026-04-10

Added

• ValidatorMap for validating instances against subschemas identified by URI-fragment JSON pointer. #1075
• CLI: Accept multiple values after -i/--instance (e.g. jsonschema validate schema.json -i *.json). #1085
• dereference function to recursively inline $ref references. #422
• CLI: jsonschema dereference subcommand to dereference a schema from the command line.

Breaking Changes

• Registry construction now uses an explicit prepare step, and with_registry now borrows the prepared registry. ValidationOptions::with_resource and ValidationOptions::with_resources were removed in favor of building a Registry first. See the Migration Guide for the details.

Performance

• Avoid registry clones and document clones during validator construction. This improves real-world schema compilation by roughly 10-20% in internal benchmarks.

[0.45.1] - 2026-04-06

Fixed

• Incorrect handling of multipleOf validation for negative numeric instances.
• Incorrect handling of duration format when hours and seconds appear without minutes, or years and days without months.

[0.45.0] - 2026-03-08

Added

• bundle(schema) / async_bundle(schema) / ValidationOptions::bundle: produce a Compound Schema Document with external $ref targets embedded in a draft-appropriate container (definitions for Draft 4/6/7, $defs for Draft 2019-09/2020-12) while preserving $ref values. #791.
• CLI: jsonschema validate and jsonschema bundle subcommands. Flat invocation (jsonschema schema.json -i …) is deprecated — use jsonschema validate instead. #791.
• ValidationError::absolute_keyword_location() to get the absolute keyword location URI of the schema node that produced the error. #737.

Changed

• ValidationError::into_parts() now returns ValidationErrorParts instead of a tuple.

[0.44.1] - 2026-03-03

Fixed

• hostname format now applies legacy RFC 1034 semantics in Draft 4/6 and keeps IDNA A-label validation in Draft 7+.

[0.44.0] - 2026-03-02

Added

• canonical::json::to_string(value) for canonical JSON serialization (stable key ordering and numeric normalization), useful for deduplicating equivalent JSON Schemas.

Fixed

... (truncated)

Commits

• 89848e0 chore(ruby): Release 0.46.0
• 3680725 chore(python): Release 0.46.0
• 9abf4d1 chore(ruby): Update dependency on jsonschema
• 871bfd3 chore(rust): Release 0.46.0
• 92434f6 perf: Fewer Arc allocations
• 1ac38b2 perf: Add definitions to the list of known keywords
• 5d3e409 perf: Fewer allocations when collecting annotations
• f51d564 feat: Validate with JSON pointer
• d35102f perf: Simpler reference resolution cache
• 2a66919 feat: dereference function to recursively inline $ref references
• Additional commits viewable in compare view

Updates bolero from 0.10.1 to 0.13.4

Commits

• See full diff in compare view

Updates bolero-generator from 0.10.2 to 0.13.5

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.