Skip to content

Bump the production-dependencies group across 1 directory with 12 updates #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the production-dependencies group across 1 directory with 12 updates #74

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 19, 2025
edited
Loading

Bumps the production-dependencies group with 12 updates in the / directory:

Package From To
base64 0.21.7 0.22.1
hpke 0.12.0 0.13.0
rand 0.8.5 0.9.2
jsonwebtoken 9.3.1 10.2.0
rand_chacha 0.3.1 0.9.0
solana-rpc-client 3.0.10 3.1.1
solana-system-interface 2.0.0 3.0.0
bincode 1.3.3 2.0.1
solana-transaction 3.0.1 3.0.2
secp256k1 0.30.0 0.31.1
syn 2.0.109 2.0.110
bytes 1.10.1 1.11.0

Updates base64 from 0.21.7 to 0.22.1

Changelog

Sourced from base64's changelog.

0.22.1

  • Correct the symbols used for the predefined alphabet::BIN_HEX.

0.22.0

  • DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.
  • DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.
  • Decoding is somewhat faster (5-10%)
Commits
  • e144006 v0.22.1
  • 64cca59 Merge pull request #271 from JobanSD/patch-1
  • 838355e Correct BinHex 4.0 alphabet according to specifications
  • bf15ccf Merge pull request #270 from marshallpierce/mp/clippy
  • fc6aabe Appease clippy
  • 9a518a2 Merge pull request #267 from bdura/patch-1
  • d96c80f Merge branch 'marshallpierce:master' into patch-1
  • 5d70ba7 Merge pull request #269 from marshallpierce/mp/decode-precisely
  • efb6c00 Release notes
  • 2b91084 Add some tests to boost coverage
  • Additional commits viewable in compare view

Updates hpke from 0.12.0 to 0.13.0

Changelog

Sourced from hpke's changelog.

[0.13.0] - 2025-02-19

Changes

  • Made PskBundle require an explicit constructor that performs validation on inputs
  • Updated rand and rand_core to 0.9
Commits

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

  • Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

  • Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

  • Revise "not a crypto library" policy again (#1565)
  • Remove zerocopy dependency from rand (#1579)

Fixes

  • Fix feature simd_support for recent nightly rust (#1586)

Changes

  • Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

  • Add rand::distr::Alphabetic distribution. (#1587)
  • Re-export rand_core (#1604)

[0.9.0] - 2025-01-27

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)

API changes: rand_core traits

  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)

... (truncated)

Commits

Updates jsonwebtoken from 9.3.1 to 10.2.0

Changelog

Sourced from jsonwebtoken's changelog.

10.2.0 (2025-11-06)

  • Remove Clone bound from decode functions

10.1.0 (2025-10-18)

  • add dangerous::insecure_decode
  • Implement TryFrom &Jwk for DecodingKey

10.0.0 (2025-09-29)

  • BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto
  • Add Clone bound to decode
  • Support decoding byte slices
  • Support JWS
Commits
  • 53a3fc2 Do not fail for clippy
  • 3226cfc Prepare for release
  • dfe58f9 Remove unnecessary Clone bounds from decode functions (#458)
  • 9b3e19c Fix function names in README (#457)
  • 655abeb Ready for release
  • d96982d Fix a few markdown issues in docs (#446)
  • fbcfd39 feat: add dangerous::insecure_decode (#441)
  • 4ba3fce fix(docs): add rust_crypto feature to docs.rs build (#443)
  • 29fa3b1 Implement TryFrom &Jwk for DecodingKey (#437)
  • 1456755 Use DecodingKey::from_jwk to get DecodingKey from JWK in auth0 example (#430)
  • Additional commits viewable in compare view

Updates rand_chacha from 0.3.1 to 0.9.0

Release notes

Sourced from rand_chacha's releases.

0.9.0

Upgrade guide

See https://rust-random.github.io/book/update-0.9.html

Changelog

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)

API changes: rand_core traits

  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
  • Remove fn rand::random() from the prelude (#1506)
  • Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
  • Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
  • Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
  • Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
  • Annotate panicking methods with #[track_caller] (#1442, #1447)

API changes: RNGs

  • Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
  • Remove first parameter (rng) of ReseedingRng::new (#1533)

API changes: Sequences

  • Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
  • Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)

API changes: Distributions: renames

  • Rename module rand::distributions to rand::distr (#1470)
  • Rename distribution Standard to StandardUniform (#1526)

... (truncated)

Changelog

Sourced from rand_chacha's changelog.

[0.9.0] - 2025-01-27

Security and unsafe

  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

  • Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
  • Update to rand_core v0.9.0 (#1558)

Features

  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)

API changes: rand_core traits

  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)

API changes: Rng trait and top-level fns

  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
  • Remove fn rand::random() from the prelude (#1506)
  • Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
  • Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
  • Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
  • Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
  • Annotate panicking methods with #[track_caller] (#1442, #1447)

API changes: RNGs

  • Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
  • Remove first parameter (rng) of ReseedingRng::new (#1533)

API changes: Sequences

  • Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
  • Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)

API changes: Distributions: renames

  • Rename module rand::distributions to rand::distr (#1470)
  • Rename distribution Standard to StandardUniform (#1526)
  • Move distr::Slice -> distr::slice::Choose, distr::EmptySlice -> distr::slice::Empty (#1548)
  • Rename trait distr::DistString -> distr::SampleString (#1548)
  • Rename distr::DistIter -> distr::Iter, distr::DistMap -> distr::Map (#1548)

... (truncated)

Commits

Updates solana-rpc-client from 3.0.10 to 3.1.1

Release notes

Sourced from solana-rpc-client's releases.

Release v3.1.1

This is a testnet release.

https://github.com/anza-xyz/agave/blob/v3.1/CHANGELOG.md

Release v3.1.0-beta.0

This is a testnet release.

https://github.com/anza-xyz/agave/blob/v3.1/CHANGELOG.md

What's Changed

Full Changelog: anza-xyz/agave@v2.1.0...v3.1.0-beta.0

Changelog

Sourced from solana-rpc-client's changelog.

Changelog

All notable changes to this project will be documented in this file.

Please follow the guidance at the bottom of this file when making changes The format is based on Keep a Changelog. This project adheres to Semantic Versioning and follows a Backwards Compatibility Policy

Release channels have their own copy of this changelog:

4.0.0-Unreleased

RPC

Breaking

  • --public-tpu-address and --public-tpu-forwards-address CLI arguments and setPublicTpuForwardsAddress, setPublicTpuAddress RPC methods now specify QUIC ports, not UDP.

Changes

  • Added --enable-scheduler-bindings which binds an IPC server at <ledger-path>/scheduler_bindings.ipc for external schedulers to connect to.

Validator

Breaking

  • Removed deprecated arguments
    • --accounts-db-clean-threads
    • --accounts-db-hash-threads
    • --accounts-db-read-cache-limit-mb
    • --accounts-hash-cache-path
    • --disable-accounts-disk-index

Deprecations

  • Using mmap for --accounts-db-access-storages-method is now deprecated.

3.1.0

RPC

Breaking

  • A signature verification failure in simulateTransaction() or the preflight stage of sendTransaction() will now be attached to the simulation result's err property as TransactionError::SignatureFailure instead of being thrown as a JSON RPC API error (-32003). Applications that already guard against JSON RPC exceptions should expect signature verification errors to appear on the simulation result instead. Applications that already handle the materialization of TransactionErrors on simulation results can now expect to receive errors of type TransactionError::SignatureFailure at those verification sites.

Changes

  • The getProgramAccounts RPC endpoint now returns JSON-RPC errors when malformed filters are provided (previously these malformed filters would be silently ignored and the RPC call would execute an unfiltered query).
  • PubsubClient can now be constructed with the URI of an RPC (as a str, String, or Uri) as well as an http::Request<()>. The addition of Request allows you to set request headers when establishing a websocket connection with an RPC.

Validator

Breaking

Deprecations

  • The --monitor flag with agave-validator exit is now deprecated. Operators can use the monitor command after exit instead.
  • The --disable-accounts-disk-index flag is now deprecated.
  • All monorepo crates falling outside the backward compatibility policy are now deprecated, signaling their inclusion in the Agave Unstable API. Enable the agave-unstable-api crate feature to acknowledge use of an interface that may break without warning. From v4.0.0 onward, symbols in these crates will be unavailable without agave-unstable-api enabled.

... (truncated)

Commits
  • 7096e60 Bump version to v3.1.1. (#9083)
  • f664622 v3.1: deprecate the --cuda cli argument (backport of #9055) (#9066)
  • 99945ca deprecate solana-stake-program (#8860)
  • c5001c1 v3.1: Optimize LockoutIntervals in collect_vote_lockouts (backport of #8865) ...
  • 9939ba9 v3.1: Optimize HashMap/HashSet usage in collect_vote_lockouts (backport of #8...
  • 06c77fc v3.1: suppress another erroneous nested deprecation lint (backport of #9006) ...
  • 9aa699f v3.1: Update xtask version to 0.1.0 since we will never publish the xtask cra...
  • aa760f9 v3.1: add agave-unstable-api deprecation notice to 3.1 changelog entry (bac...
  • c45dee2 v3.1: add agave-unstable-api deprecation warning to new agave-fs crate (b...
  • c384144 v3.1: Bumps SBPF to v0.13.1 (backport of #8976) (#8978)
  • Additional commits viewable in compare view

Updates solana-system-interface from 2.0.0 to 3.0.0

Release notes

Sourced from solana-system-interface's releases.

system-interface@v3.0.0

What's new

instruction@v2.3.3

What's new

  • Publish solana-instruction v2.3.3
  • Instruction: Don't use serde::__private (#434)
Commits
  • 9ffe954 Publish solana-sdk v3.0.0
  • 9decd85 rent-collector: Remove the crate entirely (#286)
  • cf5ceaf Publish solana-program-entrypoint v3.1.0
  • 334c7ec program-entrypoint: Add a BumpAllocator constructor (#284)
  • d47ab5a vote-interface: VoteStateVersions: add support for v4 (#280)
  • 0ace4d4 Publish solana-loader-v4-interface v3.1.0
  • 9dd79d7 Publish solana-loader-v3-interface v6.1.0
  • 5ffdd0e Publish solana-system-transaction v3.0.0
  • c77fef5 Publish solana-client-traits v3.0.0
  • e989395 Publish solana-transaction v3.0.0
  • Additional commits viewable in compare view

Updates bincode from 1.3.3 to 2.0.1

Commits

Updates solana-transaction from 3.0.1 to 3.0.2

Release notes

Sourced from solana-transaction's releases.

transaction@v3.0.2

What's new

Commits
  • 6089d5d Publish solana-transaction v3.0.2
  • 488a3ca Document security hazards of system_interface::instruction::create_account ...
  • 19945d3 Publish solana-program-entrypoint v3.1.1
  • 2dca808 Publish solana-program-log v1.0.0
  • 9048855 Publish solana-program-log-macro v1.0.0
  • f508552 fix(transaction): apply features to solana-transaction-error dep (#437)
  • 1f3e000 ci: Fix proc-macro test on publish (#438)
  • df4f131 Publish solana-program-memory v3.1.0
  • 2b74575 Publish solana-system-interface v3.0.0
  • a8ef598 Publish solana-cpi v3.1.0
  • Additional commits viewable in compare view

Updates secp256k1 from 0.30.0 to 0.31.1

Changelog

Sourced from secp256k1's changelog.

0.31.1 - 2025-06-23

  • Update deprecation notes with since instead of TBD.

0.31.0 - 2025-04-21

  • Update rand to 0.9 #788
  • Create keys from owned array values instead of from references #781
  • Add from_u8_masked RecoveryId constructor #778
  • Update upstream to 0cdc758a56360bf58a851fe91085a327ec97685a (secp256k1-sys 0.6) #764
  • Add Keypair::sign_schnorr_no_aux_rand #762
  • Replace Message with Into<Message> in ECDSA signing API #755
  • Deprecate ElligatorSwiftParty in favor of Party #752
Commits

Updates syn from 2.0.109 to 2.0.110

Release notes

Sourced from syn's releases.

2.0.110

  • Tweaks to improve build speed (#1939, thanks @​dishmaker)
  • Make syn::ext::IdentExt::unraw available without "parsing" feature (#1940)
  • Support parsing syn::Meta followed by => (#1944)
Commits
  • 1c8cabe Release 2.0.110
  • 8ef195b Merge pull request #1944 from dtolnay/metaarrow
  • 9ab4aef Support parsing Meta followed by fat arrow
  • 7711764 Add test of parsing fat arrow after meta
  • 193f52e Update test suite to nightly-2025-11-10
  • 5ece7e1 Merge pull request #1941 from dtolnay/ext
  • 6a44478 Add extension trait for Punct construction with span
  • 798e109 Drop 2 from name of TokenStreamExt2
  • b344f2d Never import name of quote::TokenStreamExt
  • b0ec4c7 Touch up PR 1939
  • Additional commits viewable in compare view

Updates bytes from 1.10.1 to 1.11.0

Release notes

Sourced from bytes's releases.

Bytes v1.11.0

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)
Changelog

Sourced from bytes's changelog.

1.11.0 (November 14th, 2025)

  • Bump MSRV to 1.57 (#788)

Fixed

  • fix: BytesMut only reuse if src has remaining (#803)
  • Specialize BytesMut::put::<Bytes> (#793)
  • Reserve capacity in BytesMut::put (#794)
  • Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

  • Guarantee address in slice() for empty slices. (#780)
  • Rename Vtable::to_* -> Vtable::into_* (#776)
  • Fix latest clippy warnings (#787)
  • Ignore BytesMut::freeze doctest on wasm (#790)
  • Move drop_fn of from_owner into vtable (#801)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
    -...

Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Nov 19, 2025
@socket-security
Copy link

socket-security bot commented Nov 19, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedsolana-transaction@​3.0.1 ⏵ 3.0.210010093100100
Updatedbytes@​1.10.1 ⏵ 1.11.010010093100100
Updatedsolana-rpc-client@​3.0.10 ⏵ 3.1.110010093100100
Updatedjsonwebtoken@​9.3.1 ⏵ 10.2.010010097100100
Updatedhpke@​0.12.0 ⏵ 0.13.0100100100100100

View full report

@dependabot dependabot bot force-pushed the dependabot/cargo/production-dependencies-b83d8a893d branch from ca358f4 to fb4ba42 Compare November 20, 2025 18:15
@dependabot
Bump the production-dependencies group across 1 directory with 12 upd…
c6ec979 
…ates

Bumps the production-dependencies group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [base64](https://github.com/marshallpierce/rust-base64) | `0.21.7` | `0.22.1` |
| [hpke](https://github.com/rozbb/rust-hpke) | `0.12.0` | `0.13.0` |
| [rand](https://github.com/rust-random/rand) | `0.8.5` | `0.9.2` |
| [jsonwebtoken](https://github.com/Keats/jsonwebtoken) | `9.3.1` | `10.2.0` |
| [rand_chacha](https://github.com/rust-random/rand) | `0.3.1` | `0.9.0` |
| [solana-rpc-client](https://github.com/anza-xyz/agave) | `3.0.10` | `3.1.1` |
| [solana-system-interface](https://github.com/anza-xyz/solana-sdk) | `2.0.0` | `3.0.0` |
| [bincode](https://github.com/bincode-org/bincode) | `1.3.3` | `2.0.1` |
| [solana-transaction](https://github.com/anza-xyz/solana-sdk) | `3.0.1` | `3.0.2` |
| [secp256k1](https://github.com/rust-bitcoin/rust-secp256k1) | `0.30.0` | `0.31.1` |
| [syn](https://github.com/dtolnay/syn) | `2.0.109` | `2.0.110` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.10.1` | `1.11.0` |



Updates `base64` from 0.21.7 to 0.22.1
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](marshallpierce/rust-base64@v0.21.7...v0.22.1)

Updates `hpke` from 0.12.0 to 0.13.0
- [Changelog](https://github.com/rozbb/rust-hpke/blob/main/CHANGELOG.md)
- [Commits](rozbb/rust-hpke@v0.12.0...v0.13.0)

Updates `rand` from 0.8.5 to 0.9.2
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...rand_core-0.9.2)

Updates `jsonwebtoken` from 9.3.1 to 10.2.0
- [Changelog](https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](Keats/jsonwebtoken@v9.3.1...v10.2.0)

Updates `rand_chacha` from 0.3.1 to 0.9.0
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@rand_chacha-0.3.1...0.9.0)

Updates `solana-rpc-client` from 3.0.10 to 3.1.1
- [Release notes](https://github.com/anza-xyz/agave/releases)
- [Changelog](https://github.com/anza-xyz/agave/blob/master/CHANGELOG.md)
- [Commits](anza-xyz/agave@v3.0.10...v3.1.1)

Updates `solana-system-interface` from 2.0.0 to 3.0.0
- [Release notes](https://github.com/anza-xyz/solana-sdk/releases)
- [Commits](https://github.com/anza-xyz/solana-sdk/compare/address@v2.0.0...sdk@v3.0.0)

Updates `bincode` from 1.3.3 to 2.0.1
- [Commits](https://github.com/bincode-org/bincode/commits)

Updates `solana-transaction` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/anza-xyz/solana-sdk/releases)
- [Commits](https://github.com/anza-xyz/solana-sdk/compare/keypair@v3.0.1...transaction@v3.0.2)

Updates `secp256k1` from 0.30.0 to 0.31.1
- [Changelog](https://github.com/rust-bitcoin/rust-secp256k1/blob/master/CHANGELOG.md)
- [Commits](rust-bitcoin/rust-secp256k1@secp256k1-0.30.0...secp256k1-0.31.1)

Updates `syn` from 2.0.109 to 2.0.110
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](dtolnay/syn@2.0.109...2.0.110)

Updates `bytes` from 1.10.1 to 1.11.0
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.10.1...v1.11.0)

---
updated-dependencies:
- dependency-name: base64
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: hpke
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: rand
  dependency-version: 0.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: jsonwebtoken
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: rand_chacha
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: solana-rpc-client
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: solana-system-interface
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: bincode
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: solana-transaction
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: secp256k1
  dependency-version: 0.31.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: syn
  dependency-version: 2.0.110
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: bytes
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/production-dependencies-b83d8a893d branch from fb4ba42 to c6ec979 Compare November 21, 2025 11:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant