chore(deps): bump the cargo group across 1 directory with 5 updates

[dependabot]

Bumps the cargo group with 5 updates in the /examples/hello-world/host directory:

Package	From	To
wasmtime	31.0.0	35.0.0
wasmtime-wasi	31.0.0	32.0.1
bytes	1.7.2	1.11.1
ring	0.17.8	0.17.14
tokio	1.40.0	1.50.0

Updates wasmtime from 31.0.0 to 35.0.0

Release notes

Sourced from wasmtime's releases.

v35.0.0

35.0.0

Released 2025-07-22.

Added

• A new InputFile type has been added for specifying stdin as a file in WASI. #10968

• Conditional branches to unconditional traps are now translated to conditional traps during legalization. #10988

• The TE HTTP header can now be specified by guests. #11002

• Winch on AArch64 should now pass all WebAssembly MVP tests. Note that it is still not yet Tier 1 at this time, however. #10829 #11013 #11031 #11051

• The x64 backend now has lowering rules for {add,sub,or,and} mem, imm #11043

• Initial support for WASIp2 in the C API has started to land. #11055 #11172

• Initial support for GC support in the component model has started to land (note that it is not finished yet). #10967 #11020

• The wasmtime-wasi-nn crate now has a feature to use a custom ONNX runtime. #11060

• Cranelift now optimizes division-by-constant operations to no longer use division. #11129

• A native-tls backend has been added for the wasi-tls implementation. #11064

Changed

• Many more instructions for the x64 backend in Cranelift were migrated to the new assembler.

... (truncated)

Changelog

Sourced from wasmtime's changelog.

44.0.0

Unreleased.

Added

Changed

---

Release notes for previous releases of Wasmtime can be found on the respective release branches of the Wasmtime repository.

• 43.0.x
• 42.0.x
• 41.0.x
• 40.0.x
• 39.0.x
• 38.0.x
• 37.0.x
• 36.0.x
• 35.0.x
• 34.0.x
• 33.0.x
• 32.0.x
• 31.0.x
• 30.0.x
• 29.0.x
• 28.0.x
• 27.0.x
• 26.0.x
• 25.0.x
• 24.0.x
• 23.0.x
• 22.0.x
• 21.0.x
• 20.0.x
• 19.0.x
• 18.0.x
• 17.0.x
• 16.0.x
• 15.0.x
• 14.0.x
• 13.0.x
• 12.0.x
• 11.0.x
• 10.0.x
• 9.0.x
• 8.0.x

... (truncated)

Commits

• 509af9e Release Wasmtime 35.0.0 (#11286)
• 99325c5 x64: Fix a missing lowering rule for select_spectre_guard (#11242) (#11248)
• 9f96bb6 Add more domains to tls_sample_application (#11265) (#11297)
• 62c7e83 [35.0.0] backport fd_renumber fixes (#11281)
• 8f7eeb0 Add #[inline] to some small functions (#11235) (#11252)
• 72cf4ca Fix section/symbol flags when setting the used flag (#11231)
• b3ec490 Allow marking data objects as used for the linker (#11214)
• 59f1af6 Add release notes (#11193)
• 1112ac1 Revert "update component-model-async plumbing (#11123)" (#11192)
• b63c25a fix(no_std)!: respect std feature when target is windows/unix (#11152)
• Additional commits viewable in compare view

Updates wasmtime-wasi from 31.0.0 to 32.0.1

Release notes

Sourced from wasmtime-wasi's releases.

v32.0.1

32.0.1

Released 2025-06-24.

Fixed

• Fix a panic with host-defined tables/globals and concrete reference types. #11103

v32.0.0

32.0.0

Released 2025-04-21.

Added

• {Module,Component}::deserialize_raw can now be used to deserialize an in-memory module while relying on external management of the memory. #10321

• An initial implementation of wasi-tls has been added. #10249

• The wasmtime CLI now supports hexadecimal integer CLI arguments. #10360

• Cranelift now supports a log2_min_function_alignment flag. #10391

• A new wasmtime objdump subcommand has been added to help explore and debug *.cwasm files. #10405

• Support for the pooling allocator has been added to the C API. #10484

• Support for the guest profiler with the component model has been added. #10507

Changed

• Cranelift MemFlags now has a can_move flag which restricts whether a load or store can be moved. #10340

• The .text size of Pulley *.cwasm files should be smaller with less padding. #10285

... (truncated)

Changelog

Sourced from wasmtime-wasi's changelog.

32.0.1

Released 2025-06-24.

Fixed

• Fix a panic with host-defined tables/globals and concrete reference types. #11103

---

32.0.0

Released 2025-04-21.

Added

• {Module,Component}::deserialize_raw can now be used to deserialize an in-memory module while relying on external management of the memory. #10321

• An initial implementation of wasi-tls has been added. #10249

• The wasmtime CLI now supports hexadecimal integer CLI arguments. #10360

• Cranelift now supports a log2_min_function_alignment flag. #10391

• A new wasmtime objdump subcommand has been added to help explore and debug *.cwasm files. #10405

• Support for the pooling allocator has been added to the C API. #10484

• Support for the guest profiler with the component model has been added. #10507

Changed

• Cranelift MemFlags now has a can_move flag which restricts whether a load or store can be moved. #10340

• The .text size of Pulley *.cwasm files should be smaller with less padding. #10285

... (truncated)

Commits

• ac65901 Release Wasmtime 32.0.1 (#11118)
• 7a5784e Fix tables holding their registered types (#11106)
• 721fa95 Make auto-publish script more robust (#11090) (#11110)
• 57c9948 Migrate run-tests.sh to Python (#10790) (#10800)
• b17d810 Add audits for new crates in Wasmtime (#10622) (#10684)
• d305495 Release Wasmtime 32.0.0 (#10617)
• 0f33cf9 Add release notes (#10558)
• 58ad911 Update how traps are rendered (#10523)
• 6f6e641 Update prettyplease dependency (#10522)
• b98f75a Bump MSRV to 1.84.0 (#10520)
• Additional commits viewable in compare view

Updates bytes from 1.7.2 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Bytes v1.10.1

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

#773: tokio-rs/bytes#773

Bytes v1.10.0

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

... (truncated)

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

1.10.1 (March 5th, 2025)

Fixed

• Fix memory leak when using to_vec with Bytes::from_owner (#773)

1.10.0 (February 3rd, 2025)

Added

• Add feature to support platforms without atomic CAS (#467)
• try_get_* methods for Buf trait (#753)
• Implement Buf::chunks_vectored for Take (#617)
• Implement Buf::chunks_vectored for VecDeque<u8> (#708)

Fixed

• Remove incorrect guarantee for chunks_vectored (#754)
• Ensure that tests pass under panic=abort (#749)

1.9.0 (November 27, 2024)

Added

• Add Bytes::from_owner to enable externally-allocated memory (#742)

Documented

... (truncated)

Commits

• 417dccd Release bytes v1.11.1 (#820)
• d0293b0 Merge commit from fork
• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• Additional commits viewable in compare view

Updates ring from 0.17.8 to 0.17.14

Changelog

Sourced from ring's changelog.

Version 0.17.14 (2025-03-11)

Fixed a performance bug in the AVX2-based AES-GCM implementation added in ring 0.17.13. This will be another notable performance improvement for most newish x86-64 systems. The performance issue impacted not just AES-GCM.

Compatibility with GNU binutils 2.29 (used on Amazon Linux 2), and probably even earlier versions, was restored. It is expected that ring 0.17.14 will build on all the systems that 0.17.12 would build on.

Version 0.17.13 (2025-03-06)

Increased MSRV to 1.66.0 to avoid bugs in earlier versions so that we can safely use core::arch::x86_64::__cpuid and core::arch::x86::__cpuid from Rust in future releases.

AVX2-based VAES-CLMUL implementation. This will be a notable performance improvement for most newish x86-64 systems. This will likely raise the minimum binutils version supported for very old Linux distros.

Version 0.17.12 (2025-03-05)

Bug fix: briansmith/ring#2447 for denial of service (DoS).

• Fixes a panic in ring::aead::quic::HeaderProtectionKey::new_mask() when integer overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

• Fixes a panic on 64-bit targets in ring::aead::{AES_128_GCM, AES_256_GCM} when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

Commits

• See full diff in compare view

Updates tokio from 1.40.0 to 1.50.0

Release notes

Sourced from tokio's releases.

Tokio v1.50.0

1.50.0 (Mar 3rd, 2026)

Added

• net: add TcpStream::set_zero_linger (#7837)
• rt: add is_rt_shutdown_err (#7771)

Changed

• io: add optimizer hint that memchr returns in-bounds pointer (#7792)
• io: implement vectored writes for write_buf (#7871)
• runtime: panic when event_interval is set to 0 (#7838)
• runtime: shorten default thread name to fit in Linux limit (#7880)
• signal: remember the result of SetConsoleCtrlHandler (#7833)
• signal: specialize windows Registry (#7885)

Fixed

• io: always cleanup AsyncFd registration list on deregister (#7773)
• macros: remove (most) local use declarations in tokio::select! (#7929)
• net: fix GET_BUF_SIZE constant for target_os = "android" (#7889)
• runtime: avoid redundant unpark in current_thread scheduler (#7834)
• runtime: don't park in current_thread if before_park defers waker (#7835)
• io: fix write readiness on ESP32 on short writes (#7872)
• runtime: wake deferred tasks before entering block_in_place (#7879)
• sync: drop rx waker when oneshot receiver is dropped (#7886)
• runtime: fix double increment of num_idle_threads on shutdown (#7910, #7918, #7922)

Unstable

• fs: check for io-uring opcode support (#7815)
• runtime: avoid lock acquisition after uring init (#7850)

Documented

• docs: update outdated unstable features section (#7839)
• io: clarify the behavior of AsyncWriteExt::shutdown() (#7908)
• io: explain how to flush stdout/stderr (#7904)
• io: fix incorrect and confusing AsyncWrite documentation (#7875)
• rt: clarify the documentation of Runtime::spawn (#7803)
• rt: fix missing quotation in docs (#7925)
• runtime: correct the default thread name in docs (#7896)
• runtime: fix event_interval doc (#7932)
• sync: clarify RwLock fairness documentation (#7919)
• sync: clarify that recv returns None once closed and no more messages (#7920)
• task: clarify when to use spawn_blocking vs dedicated threads (#7923)
• task: doc that task drops before JoinHandle completion (#7825)
• signal: guarantee that listeners never return None (#7869)
• task: fix task module feature flags in docs (#7891)

... (truncated)

Commits

• 0273e45 chore: prepare Tokio v1.50.0 (#7934)
• e3ee4e5 chore: prepare tokio-macros v2.6.1 (#7943)
• 8c980ea io: add write_all_vectored to tokio-util (#7768)
• e35fd6d ci: fix patch during clippy step (#7935)
• 03fe44c runtime: fix event_interval doc (#7932)
• d18e5df io: fix race in Mock::poll_write (#7882)
• f21f269 runtime: fix race condition during the blocking pool shutdown (#7922)
• d81e8f0 macros: remove (most) local use declarations in tokio::select! (#7929)
• 25e7f26 rt: fix missing quotation in docs (#7925)
• e1a91ef util: fix typo in docs (#7926)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #3.