build(deps): bump the all-deps group with 7 updates

[dependabot]

Bumps the all-deps group with 7 updates:

Package	From	To
blowfish	0.10.0-rc.3	0.10.0
indexmap	2.13.1	2.14.0
js-sys	0.3.94	0.3.95
wasm-bindgen	0.2.117	0.2.118
wasm-bindgen-macro	0.2.117	0.2.118
wasm-bindgen-macro-support	0.2.117	0.2.118
wasm-bindgen-shared	0.2.117	0.2.118

Updates blowfish from 0.10.0-rc.3 to 0.10.0

Commits

• c69a235 Release new versions dependent on cipher v0.5 (#553)
• 582b178 Move gift to gift-cipher and speck to speck-cipher (#554)
• 001e740 Adopt Trusted Publishing (#552)
• d908618 Release aes v0.9.0 (#539)
• b612904 aes: remove zeroize_works test (#551)
• 042fa86 Update Cargo.lock (#547)
• 7290b2b ci: use Dependabot to update Cargo.lock (#546)
• d1910c1 ci: bump actions/checkout to v6 (#545)
• 1120a51 Bump Clippy to 1.94 and fix clippy::manual_rotate (#544)
• d52b5b6 aes: remove weak key test entry from changelog (#543)
• Additional commits viewable in compare view

Updates indexmap from 2.13.1 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates js-sys from 0.3.94 to 0.3.95

Commits

• See full diff in compare view

Updates wasm-bindgen from 0.2.117 to 0.2.118

Release notes

Sourced from wasm-bindgen's releases.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid without any override. This fixes panics like `failed to find 32752 in function

... (truncated)

Changelog

Sourced from wasm-bindgen's changelog.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid

... (truncated)

Commits

• 753bb7f Release 0.2.118 (#5100)
• a12884a fix: hoist ES module import statements to top of generated JS (#5103)
• 17d4344 fix: handle lifetime params in codegen for generic extern types (#5096)
• c0a6a82 fix: use thread_local_v2 for console.createTask feature detection (#5097)
• 5bd8fa9 chore: bump library MSRV to 1.77 and CLI MSRV to 1.86 (#5102)
• 6640596 feat: support schedule_reinit() under panic=abort builds (#5099)
• 7d83d96 build(deps): bump mymindstorm/setup-emsdk in the github-actions group (#5101)
• a44bc04 fix: auto-detect schedule_reinit and tighten termination guard (#5083)
• 48495bd fix: use globals HashMap for all global access in descriptor interpreter (#5095)
• 3a543f0 feat: add Error.stackTraceLimit getter and setter to js-sys (#5082)
• Additional commits viewable in compare view

Updates wasm-bindgen-macro from 0.2.117 to 0.2.118

Release notes

Sourced from wasm-bindgen-macro's releases.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid without any override. This fixes panics like `failed to find 32752 in function

... (truncated)

Changelog

Sourced from wasm-bindgen-macro's changelog.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid

... (truncated)

Commits

• 753bb7f Release 0.2.118 (#5100)
• a12884a fix: hoist ES module import statements to top of generated JS (#5103)
• 17d4344 fix: handle lifetime params in codegen for generic extern types (#5096)
• c0a6a82 fix: use thread_local_v2 for console.createTask feature detection (#5097)
• 5bd8fa9 chore: bump library MSRV to 1.77 and CLI MSRV to 1.86 (#5102)
• 6640596 feat: support schedule_reinit() under panic=abort builds (#5099)
• a44bc04 fix: auto-detect schedule_reinit and tighten termination guard (#5083)
• 48495bd fix: use globals HashMap for all global access in descriptor interpreter (#5095)
• 3a543f0 feat: add Error.stackTraceLimit getter and setter to js-sys (#5082)
• 06cb26c fix: mark unstable dictionary primitive-slice setters as unsafe (#5094)
• Additional commits viewable in compare view

Updates wasm-bindgen-macro-support from 0.2.117 to 0.2.118

Release notes

Sourced from wasm-bindgen-macro-support's releases.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid without any override. This fixes panics like `failed to find 32752 in function

... (truncated)

Changelog

Sourced from wasm-bindgen-macro-support's changelog.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid

... (truncated)

Commits

• 753bb7f Release 0.2.118 (#5100)
• a12884a fix: hoist ES module import statements to top of generated JS (#5103)
• 17d4344 fix: handle lifetime params in codegen for generic extern types (#5096)
• c0a6a82 fix: use thread_local_v2 for console.createTask feature detection (#5097)
• 5bd8fa9 chore: bump library MSRV to 1.77 and CLI MSRV to 1.86 (#5102)
• 6640596 feat: support schedule_reinit() under panic=abort builds (#5099)
• a44bc04 fix: auto-detect schedule_reinit and tighten termination guard (#5083)
• 48495bd fix: use globals HashMap for all global access in descriptor interpreter (#5095)
• 3a543f0 feat: add Error.stackTraceLimit getter and setter to js-sys (#5082)
• 06cb26c fix: mark unstable dictionary primitive-slice setters as unsafe (#5094)
• Additional commits viewable in compare view

Updates wasm-bindgen-shared from 0.2.117 to 0.2.118

Release notes

Sourced from wasm-bindgen-shared's releases.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid without any override. This fixes panics like `failed to find 32752 in function

... (truncated)

Changelog

Sourced from wasm-bindgen-shared's changelog.

0.2.118

Added

• Added Error::stack_trace_limit() and Error::set_stack_trace_limit() bindings to js-sys for the non-standard V8 Error.stackTraceLimit property. #5082

• Added support for multiple #[wasm_bindgen(start)] functions, which are chained together at initialization, as well as a new #[wasm_bindgen(start, private)] to register a start function without exporting it as a public export. #5081

• Reinitialization is no longer automatically applied when using panic=unwind and --experimental-reset-state-function, instead it is triggered by any use of the handler::schedule_reinit() function under panic=unwind, which is supported from within the on_abort handler for reinit workflows. Renamed handler::reinit() to handler::schedule_reinit() and removed the set_on_reinit() handler. The __instance_terminated address is now always a simple boolean (0 = live, 1 = terminated). #5083

• handler::schedule_reinit() now works under panic=abort builds. Previously it was a no-op; it now sets the JS-side reinit flag and the next export call transparently creates a fresh WebAssembly.Instance. #5099

Changed

• MSRV bump from 1.71 to 1.76 for the CLI, and 1.82 to 1.86 for the API #5102

Fixed

• ES module import statements are now hoisted to the top of generated JS files, placed right after the @ts-self-types directive. This ensures valid ES module output since import declarations must precede other statements. #5103

• Fixed two CLI issues affecting WASM modules built by rustc 1.94+. First, a panic (failed to find N in function table) caused by lld emitting element segment offsets as global.get $__table_base or extended const expressions instead of plain i32.const N for large function tables; the fix adds a const-expression evaluator in get_function_table_entry and guards against integer underflow in multi-segment tables. Second, the descriptor interpreter now routes all global reads/writes through a single globals HashMap seeded from the module's own globals, and mirrors the module's actual linear memory rather than a fixed 32KB buffer, so the stack pointer's real value is valid

... (truncated)

Commits

• 753bb7f Release 0.2.118 (#5100)
• a12884a fix: hoist ES module import statements to top of generated JS (#5103)
• 17d4344 fix: handle lifetime params in codegen for generic extern types (#5096)
• c0a6a82 fix: use thread_local_v2 for console.createTask feature detection (#5097)
• 5bd8fa9 chore: bump library MSRV to 1.77 and CLI MSRV to 1.86 (#5102)
• 6640596 feat: support schedule_reinit() under panic=abort builds (#5099)
• a44bc04 fix: auto-detect schedule_reinit and tighten termination guard (#5083)
• 48495bd fix: use globals HashMap for all global access in descriptor interpreter (#5095)
• 3a543f0 feat: add Error.stackTraceLimit getter and setter to js-sys (#5082)
• 06cb26c fix: mark unstable dictionary primitive-slice setters as unsafe (#5094)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions