chore(deps): Bump the wit group across 1 directory with 3 updates by dependabot[bot] · Pull Request #190 · arcjet/gravity

dependabot · 2026-04-20T19:29:03Z

Bumps the wit group with 3 updates in the / directory: wit-bindgen-core, wit-component and wit-bindgen.

Updates wit-bindgen-core from 0.53.1 to 0.56.0

Release notes

Sourced from wit-bindgen-core's releases.

v0.56.0

What's Changed

[C#] Add cancel support for futures and streams by @yowl in bytecodealliance/wit-bindgen#1580

moonbit: lay groundwork for async runtime support by @peter-jerry-ye in bytecodealliance/wit-bindgen#1581

Add map support by @yordis in bytecodealliance/wit-bindgen#1562

[cpp] Add missing doc strings for some types by @Lucky1313 in bytecodealliance/wit-bindgen#1573

C# Fixes wasi http header bug and adds a test for it by @silesmo in bytecodealliance/wit-bindgen#1215

feat(go): add map type support by @yordis in bytecodealliance/wit-bindgen#1583

feat(moonbit): add map type support by @yordis in bytecodealliance/wit-bindgen#1584

Limit async stream read/write lengths by @alexcrichton in bytecodealliance/wit-bindgen#1588

Release wit-bindgen 0.56.0 by @github-actions[bot] in bytecodealliance/wit-bindgen#1589

New Contributors

@yordis made their first contribution in bytecodealliance/wit-bindgen#1562

Full Changelog: bytecodealliance/wit-bindgen@v0.55.0...v0.56.0

v0.55.0

What's Changed

[rust] bindgen path supports env!() macro by @kvcache in bytecodealliance/wit-bindgen#1569

add --export-pkg-name to Go options by @dicej in bytecodealliance/wit-bindgen#1572

add --include-versions option to Go generator by @dicej in bytecodealliance/wit-bindgen#1574

Adapter to impl futures::Stream by @fibonacci1729 in bytecodealliance/wit-bindgen#1575

Update wasm-tools deps and wac by @ricochet in bytecodealliance/wit-bindgen#1578

Release wit-bindgen 0.55.0 by @github-actions[bot] in bytecodealliance/wit-bindgen#1579

New Contributors

@kvcache made their first contribution in bytecodealliance/wit-bindgen#1569

Full Changelog: bytecodealliance/wit-bindgen@v0.54.0...v0.55.0

v0.54.0

What's Changed

fix: support named fixed-length list types in code generation by @sumleo in bytecodealliance/wit-bindgen#1537

fix(rust): no entry found for key by @ricochet in bytecodealliance/wit-bindgen#1547

C#: Dont close the block comment if the user comment contains */ by @yowl in bytecodealliance/wit-bindgen#1533

feat: migrate to vanity imports by @asteurer in bytecodealliance/wit-bindgen#1548

[C#] Remove 'readonly' from struct and field definitions by @andreakarasho in bytecodealliance/wit-bindgen#1546

fix(rust): Restrict equal types to the current world by @chenyan2002 in bytecodealliance/wit-bindgen#1549

C#: Add partial support for Futures and Streams by @yowl in bytecodealliance/wit-bindgen#1529

MoonBit fixes by @vigoo in bytecodealliance/wit-bindgen#1553

chore: bump go-pkg version by @asteurer in bytecodealliance/wit-bindgen#1557

fix: update submodule by @asteurer in bytecodealliance/wit-bindgen#1558

feat: add empty.s to generated directories by @asteurer in bytecodealliance/wit-bindgen#1560

[C#] Remove WaitableSet and its global. Tidy in codegen by @yowl in bytecodealliance/wit-bindgen#1552

[C#] Add resolving of equivalent types. by @yowl in bytecodealliance/wit-bindgen#1563

ci: add riscv64gc-unknown-linux-gnu to release artifacts by @gounthar in bytecodealliance/wit-bindgen#1568

Release wit-bindgen 0.54.0 by @github-actions[bot] in bytecodealliance/wit-bindgen#1570

New Contributors

... (truncated)

Commits

9f20dc3 Release wit-bindgen 0.56.0 (#1589)
d1eab2f Limit async stream read/write lengths (#1588)
a4b3eb1 feat(moonbit): add map type support (#1584)
7b5c1c6 feat(go): add map type support (#1583)
4992ae6 C# Fixes wasi http header bug and adds a test for it (#1215)
2ca3b8c [cpp] Add missing doc strings for some types (#1573)
958027c Add map support (#1562)
81ce0de moonbit: lay groundwork for async runtime support (#1581)
a55ad81 [C#] Add cancel support for futures and streams (#1580)
d461cf6 Release wit-bindgen 0.55.0 (#1579)
Additional commits viewable in compare view

Updates wit-component from 0.245.1 to 0.246.2

Commits

See full diff in compare view

Updates wit-bindgen from 0.53.1 to 0.56.0

Commits

9f20dc3 Release wit-bindgen 0.56.0 (#1589)
d1eab2f Limit async stream read/write lengths (#1588)
a4b3eb1 feat(moonbit): add map type support (#1584)
7b5c1c6 feat(go): add map type support (#1583)
4992ae6 C# Fixes wasi http header bug and adds a test for it (#1215)
2ca3b8c [cpp] Add missing doc strings for some types (#1573)
958027c Add map support (#1562)
81ce0de moonbit: lay groundwork for async runtime support (#1581)
a55ad81 [C#] Add cancel support for futures and streams (#1580)
d461cf6 Release wit-bindgen 0.55.0 (#1579)
Additional commits viewable in compare view

socket-security · 2026-04-20T19:29:23Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/wit-bindgen@0.53.1 ⏵ 0.56.0
	cargo/wit-bindgen-core@0.53.1 ⏵ 0.56.0
	cargo/wit-component@0.245.1 ⏵ 0.246.2

View full report

socket-security · 2026-04-20T19:29:25Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Environment variable access: cargo `macro-string` Location: Package overview From: `?` → `cargo/wit-bindgen@0.56.0` → `cargo/macro-string@0.2.0` ℹ Read more on: This package \| This alert \| What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore cargo/macro-string@0.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Bumps the wit group with 3 updates in the / directory: [wit-bindgen-core](https://github.com/bytecodealliance/wit-bindgen), [wit-component](https://github.com/bytecodealliance/wasm-tools) and [wit-bindgen](https://github.com/bytecodealliance/wit-bindgen). Updates `wit-bindgen-core` from 0.53.1 to 0.56.0 - [Release notes](https://github.com/bytecodealliance/wit-bindgen/releases) - [Commits](bytecodealliance/wit-bindgen@v0.53.1...v0.56.0) Updates `wit-component` from 0.245.1 to 0.246.2 - [Release notes](https://github.com/bytecodealliance/wasm-tools/releases) - [Commits](https://github.com/bytecodealliance/wasm-tools/commits) Updates `wit-bindgen` from 0.53.1 to 0.56.0 - [Release notes](https://github.com/bytecodealliance/wit-bindgen/releases) - [Commits](bytecodealliance/wit-bindgen@v0.53.1...v0.56.0) --- updated-dependencies: - dependency-name: wit-bindgen-core dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: wit - dependency-name: wit-component dependency-version: 0.246.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: wit - dependency-name: wit-bindgen dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: wit ... Signed-off-by: dependabot[bot] <support@github.com>

…persedes #190) (#192) * chore(deps): Bump the wit group across 1 directory with 3 updates Bumps the wit group with 3 updates in the / directory: [wit-bindgen-core](https://github.com/bytecodealliance/wit-bindgen), [wit-component](https://github.com/bytecodealliance/wasm-tools) and [wit-bindgen](https://github.com/bytecodealliance/wit-bindgen). Updates `wit-bindgen-core` from 0.53.1 to 0.56.0 - [Release notes](https://github.com/bytecodealliance/wit-bindgen/releases) - [Commits](bytecodealliance/wit-bindgen@v0.53.1...v0.56.0) Updates `wit-component` from 0.245.1 to 0.246.2 - [Release notes](https://github.com/bytecodealliance/wasm-tools/releases) - [Commits](https://github.com/bytecodealliance/wasm-tools/commits) Updates `wit-bindgen` from 0.53.1 to 0.56.0 - [Release notes](https://github.com/bytecodealliance/wit-bindgen/releases) - [Commits](bytecodealliance/wit-bindgen@v0.53.1...v0.56.0) --- updated-dependencies: - dependency-name: wit-bindgen-core dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: wit - dependency-name: wit-component dependency-version: 0.246.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: wit - dependency-name: wit-bindgen dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: wit ... Signed-off-by: dependabot[bot] <support@github.com> * fix: handle new Instruction variants introduced by wit-bindgen-core 0.56 wit-bindgen-core 0.56 added map<K,V> support, introducing MapLower, MapLift, IterMapKey, IterMapValue, and GuestDeallocateMap variants to Instruction. Gravity's match is intentionally exhaustive so that new upstream variants break the build rather than silently producing wrong Go. GuestDeallocateMap joins the existing "gravity doesn't generate the Guest code" group. The four Map lower/lift/iter variants todo!() until gravity grows Go map codegen. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

dependabot · 2026-04-21T21:07:17Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 20, 2026

dependabot Bot requested a review from a team as a code owner April 20, 2026 19:29

dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 20, 2026

dependabot Bot force-pushed the dependabot/cargo/wit-5ef946679a branch from 5b52905 to b3599db Compare April 20, 2026 23:04

arcjet-rei mentioned this pull request Apr 21, 2026

fix: handle new map Instruction variants in wit-bindgen-core 0.56 (supersedes #190) #192

Merged

6 tasks

arcjet-rei closed this Apr 21, 2026

dependabot Bot deleted the dependabot/cargo/wit-5ef946679a branch April 21, 2026 21:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the wit group across 1 directory with 3 updates#190

chore(deps): Bump the wit group across 1 directory with 3 updates#190
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/wit-5ef946679a

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Apr 20, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Apr 20, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Apr 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.56.0

What's Changed

New Contributors

v0.55.0

What's Changed

New Contributors

v0.54.0

What's Changed

New Contributors

Uh oh!

socket-security Bot commented Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot Bot commented on behalf of github Apr 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

socket-security Bot commented Apr 20, 2026 •

edited

Loading

socket-security Bot commented Apr 20, 2026 •

edited

Loading