chore(deps): bump the all-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the all-dependencies group with 13 updates in the / directory:

Package	From	To
digest	0.10.7	0.11.3
hmac	0.12.1	0.13.0
indexmap	2.13.0	2.14.0
log	0.4.29	0.4.30
rand	0.8.5	0.9.2
reqwest	0.13.2	0.13.4
rfc6979	0.4.0	0.5.0
semver	1.0.27	1.0.28
serde_json	1.0.149	1.0.150
serde_with	3.18.0	3.20.0
sha2	0.10.9	0.11.0
sha3	0.10.8	0.12.0
starknet-types-core	0.2.4	1.0.0

Updates digest from 0.10.7 to 0.11.3

Commits

• 2fb9ed8 Release digest v0.11.3 (#2402)
• 086cf38 digest: add TryCustomizedInit trait (#2395)
• 9488e7e signature v3.0.0 (#2400)
• 2917d19 build(deps): bump the all-deps group across 1 directory with 4 updates (#2398)
• 7b029ba signature: add AsyncVerifier, AsyncMultipartVerifier, `AsyncDigestVerifie...
• c6d4dd7 elliptic-curve v0.14.0-rc.32 (#2399)
• f2069a2 elliptic-curve: bump pkcs8 to v0.11 (#2397)
• 8250383 elliptic-curve: bump pkcs8 to v0.11.0-rc.12 (#2396)
• 54e464f signature: remove long-winded intro section in rustdoc (#2392)
• 5cb62a4 signature: enable/fix workspace-level lints; reformat docs (#2391)
• Additional commits viewable in compare view

Updates hmac from 0.12.1 to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates indexmap from 2.13.0 to 2.14.0

Changelog

Sourced from indexmap's changelog.

2.14.0 (2026-04-09)

• MSRV: Rust 1.85.0 or later is now required.
• Updated the hashbrown dependency to 0.17.
• Made more map::Slice methods const: new_mut, first_mut, last_mut, split_at_mut, split_at_mut_checked, split_first_mut, split_last_mut

2.13.1 (2026-04-02)

• Made some Slice methods const:
  • map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}
  • set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}

Commits

• bcd165b Merge pull request #439 from cuviper/release-2.14.0
• 4ef06a7 Release 2.14.0
• d21826c Merge pull request #438 from cuviper/hashbrown-0.17
• 2566bec Upgrade to hashbrown v0.17
• 4b62776 Merge pull request #437 from cuviper/disjoint-panic
• 478fba2 Normalize the panic doc of get_disjoint_mut
• fb6dafd Merge pull request #436 from cuviper/const-slice-mut
• 5c237a2 Make Slice::{first,last,split_*}_mut methods const
• 48ff9ce Merge pull request #435 from cuviper/edition-2024
• 648be98 cargo fmt with edition 2024
• Additional commits viewable in compare view

Updates log from 0.4.29 to 0.4.30

Release notes

Sourced from log's releases.

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Changelog

Sourced from log's changelog.

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

Commits

• 9c55760 Merge pull request #725 from rust-lang/cargo/0.4.30
• d1acb05 update docs on current MSRV and note latest bump in changelog
• 5068293 prepare for 0.4.30 release
• 7ccd873 Merge pull request #724 from rust-lang/feat/net-to-value
• 923dfaa fix up test cfgs
• ecb7de8 gate net value impls on std
• 67bb4f6 run fmt
• 25f49fe rework net type capturing
• 7087dcb feat: impl ToValue for core::net types
• 67bc7e3 Merge pull request #723 from woodruffw-forks/ww/ci
• Additional commits viewable in compare view

Updates rand from 0.8.5 to 0.9.2

Changelog

Sourced from rand's changelog.

[0.9.2] - 2025-07-20

Deprecated

• Deprecate rand::rngs::mock module and StepRng generator (#1634)

Additions

• Enable WeightedIndex<usize> (de)serialization (#1646)

[0.9.1] - 2025-04-17

Security and unsafe

• Revise "not a crypto library" policy again (#1565)
• Remove zerocopy dependency from rand (#1579)

Fixes

• Fix feature simd_support for recent nightly rust (#1586)

Changes

• Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.

Additions

• Add rand::distr::Alphabetic distribution. (#1587)
• Re-export rand_core (#1604)

#1565: rust-random/rand#1565 #1579: rust-random/rand#1579 #1586: rust-random/rand#1586 #1587: rust-random/rand#1587 #1604: rust-random/rand#1604 #1623: rust-random/rand#1623 #1634: rust-random/rand#1634 #1646: rust-random/rand#1646

[0.9.0] - 2025-01-27

Security and unsafe

• Policy: "rand is not a crypto library" (#1514)
• Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
• Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)

Dependencies

• Bump the MSRV to 1.63.0 (#1207, #1246, #1269, #1341, #1416, #1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
• Update to rand_core v0.9.0 (#1558)

Features

• Support std feature without getrandom or rand_chacha (#1354)
• Enable feature small_rng by default (#1455)
• Remove implicit feature rand_chacha; use std_rng instead. (#1473)
• Rename feature serde1 to serde (#1477)
• Rename feature getrandom to os_rng (#1537)

... (truncated)

Commits

• d3dd415 Prepare rand_core 0.9.2 (#1605)
• 99fabd2 Prepare rand_core 0.9.2
• c7fe1c4 rand: re-export rand_core (#1604)
• db2b1e0 rand: re-export rand_core
• ee1d96f rand_core: implement reborrow for UnwrapMut (#1595)
• e0eb2ee rand_core: implement reborrow for UnwrapMut
• 975f602 fixup clippy 1.85 warnings
• 775b05b Relax Sized requirements for blanket impls (#1593)
• ec6d5c0 Prepare rand_core v0.9.1 (#1591)
• 6a06056 rand_core: introduce an UnwrapMut wrapper (#1589)
• Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.4

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

What's Changed

• fix(tls): improve rustls-no-provider panic message and add module docs by @​smythg4 in seanmonstar/reqwest#3021
• fix: do not lose the url in error when decoding json by @​Dushistov in seanmonstar/reqwest#3026
• Add tls_sslkeylogfile builder method by @​passcod in seanmonstar/reqwest#2923
• fix(redirect): strip sensitive headers on scheme change across redirects by @​SAY-5 in seanmonstar/reqwest#3034
• chore: upgrade MSRV to 1.85 by @​seanmonstar in seanmonstar/reqwest#3038
• chore: clean up minimal-versions CI job by @​seanmonstar in seanmonstar/reqwest#3039
• fix(http3): use happy eyeballs for h3 connect by @​lyuzichong in seanmonstar/reqwest#3030
• fix: update hickory-resolver to 0.26 and adjust code accordingly by @​seanmonstar in seanmonstar/reqwest#3040
• fix: remove unwrap in hickory initialization by @​mat813 in seanmonstar/reqwest#3041
• feat(https): support TLS 1.3 as min version under native-tls 🎉 by @​AverageHelper in seanmonstar/reqwest#2975
• Expose keep alive configurations in blocking client by @​aeb-dev in seanmonstar/reqwest#3043
• Prepare v0.13.4 by @​seanmonstar in seanmonstar/reqwest#3046

New Contributors

• @​smythg4 made their first contribution in seanmonstar/reqwest#3021
• @​Dushistov made their first contribution in seanmonstar/reqwest#3026
• @​SAY-5 made their first contribution in seanmonstar/reqwest#3034
• @​mat813 made their first contribution in seanmonstar/reqwest#3041
• @​AverageHelper made their first contribution in seanmonstar/reqwest#2975
• @​aeb-dev made their first contribution in seanmonstar/reqwest#3043

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.4

• Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
• Add ClientBuilder::http2_keep_alive_* options for the blocking client.
• Add TLS 1.3 support when using native-tls backend.
• Fix redirect handling to strip sensitive headers when the scheme changes.
• Fix HTTP/3 happy-eyeball connection creation.
• Upgrade hickory-resolver to 0.26.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• 11489b3 v0.13.4
• d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
• 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
• fb7bf6a fix: remove unwrap in hickory initialization (#3041)
• 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
• c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
• 9cbb65b chore: clean up minimal-versions CI job (#3039)
• 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
• 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
• 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
• Additional commits viewable in compare view

Updates rfc6979 from 0.4.0 to 0.5.0

Commits

• ebe040e rfc6979 v0.5.0 (#1337)
• 4854bcf ml-dsa: optimize rejection sampling in rej_(ntt|bounded)_poly (#1291)
• 2399f8a build(deps): bump digest from 0.11.2 to 0.11.3 (#1329)
• 8c849e0 rfc6979: apply and fix workspace-level lints (#1336)
• 78c2b75 ed448 v0.5.0 (#1335)
• 668b851 ed448: apply and fix workspace-level lints (#1334)
• 3f353f9 ed448: use serdect for serde support (#1333)
• 2ac115c build(deps): bump serdect from 0.4.2 to 0.4.3 (#1330)
• d5012d5 ed25519: add back serde_bytes support (#1332)
• b60664e build(deps): bump crate-ci/typos from 1.45.0 to 1.46.0 (#1331)
• Additional commits viewable in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates serde_with from 3.18.0 to 3.20.0

Release notes

Sourced from serde_with's releases.

serde_with v3.20.0

Added

• Add support for base58 encoding, similar to the existing base64 setup by @​mitinarseny (#943)

Fixed

• Extend base64 with schemars support by @​mitinarseny (#9949)

serde_with v3.19.0

Added

• Add support for hashbrown v0.17 (#940)

  This extends the existing support for hashbrown to the newly released version.

Commits

• f1b06c7 Bump version to 3.20.0 (#953)
• 11fe1c5 Bump version to 3.20.0
• 222b9aa Include Rust 1.95 in the CI matrix (#951)
• 993770c Include Rust 1.95 in the CI matrix
• 731b00b feat: automatic schemars support for Base64 (#949)
• 93d6d9d Bump github/codeql-action from 4.35.2 to 4.35.3 in the github-actions group (...
• 59bc97b Bump github/codeql-action in the github-actions group
• 84f2e40 feat: automatic schemars support for base64
• ff837ab feat: base58 (#943)
• 9fda9ce chore: bring back newline
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates sha3 from 0.10.8 to 0.12.0

Commits

• 0bdea4f Release sha3 v0.12.0 (#875)
• 0dab7bc sha3: remove rate duplication in the implementation macro (#874)
• 89b2f75 Add reference to RustCrypto/XOFs to the root README (#873)
• 2b33f7b Migrate XOF crates to RustCrypto/XOFs (#872)
• 7b4cced sha3: move SHAKE into separate shake crate (#869)
• 5d6d720 cshake: fix documentation and keywords fields in Cargo.toml (#870)
• 6b89f1f Release turboshake v0.7.0 (#868)
• 73a8faf turboshake: introduce separate customizable type aliases (#866)
• d994610 md5: add note about library renaming (#867)
• 25a14b0 Release k12 v0.5.0 (#865)
• Additional commits viewable in compare view

Updates starknet-types-core from 0.2.4 to 1.0.0

Release notes

Sourced from starknet-types-core's releases.

v0.3.0

What's Changed

• Filip/secret felt implementation by @​FilipLaurentiu in starknet-io/types-rs#144
• fix(felt): full fmt specs implem by @​tdelabro in starknet-io/types-rs#150
• Bump Lambdaworks to 0.12.0 by @​JulianGCalderon in starknet-io/types-rs#151
• fix: invalid assert! usage inside const fn by @​mdqst in starknet-io/types-rs#154
• update GitHub actions in CI workflows by @​PixelPil0t1 in starknet-io/types-rs#153
• Add QM31 Lambdaworks wrapper by @​JulianGCalderon in starknet-io/types-rs#152
• feat: improve non-human-readable felt serialization space efficiency by @​tdelabro in starknet-io/types-rs#155
• Dori/restore sizeof by @​dorimedini-starkware in starknet-io/types-rs#157
• Dori/revert sizeof by @​dorimedini-starkware in starknet-io/types-rs#158
• chore: bump version by @​0xLucqs in starknet-io/types-rs#160

New Contributors

• @​JulianGCalderon made their first contribution in starknet-io/types-rs#151
• @​mdqst made their first contribution in starknet-io/types-rs#154

Full Changelog: starknet-io/types-rs@core-v0.2.0...core-v0.3.0

Commits

• a48ec04 chore: bump 1.0.0 (#177)
• b345aca doc: fix comment (#176)
• 5d2adac docs: fix typo in short_string module comments (#174)
• 9f2e6ff chore: rename papyrus to apollo (#178)
• 41f2739 build: temporary fix generic-array version to 0.14 due to deprecation (#175)
• 61d82f0 chore: bump core version to 0.4.0 (#170)
• b80679a doc: correct typos in u256 module documentation and error messages (#169)
• ef07dac chore(felt): rename from_hex_unchecked to from_hex_unwrap (#162)
• da5edb3 test(felt): enforce Felt::from_hex new upper bound limit (#167)
• d1f4ab7 refacto: blake hash and pack to felt utils to be pub (#164)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions