{
  "interval": {
    "intervalStart": "2026-04-22T00:00:00.000Z",
    "intervalEnd": "2026-04-23T00:00:00.000Z",
    "intervalType": "day"
  },
  "repository": "elizaos/eliza",
  "overview": "From 2026-04-22 to 2026-04-23, elizaos/eliza had 41 new PRs (37 merged), 1 new issue, and 8 active contributors.",
  "topIssues": [
    {
      "id": "I_kwDOMT5cIs8AAAABAKqtpQ",
      "title": "telegram read receipts should fetch by message IDs and avoid nested receipt lookup",
      "author": "dutchiono",
      "number": 7009,
      "repository": "elizaos/eliza",
      "body": "## Summary\nA follow-up is needed after the fix in commit `55f4f27` / PR #7008.\n\nThe critical correctness bug around 1:1 outbound read state is fixed:\n- use `readViaOutbox` (`numericMsgId <= readOutboxMaxId`) for 1:1 outbound read status\n- use `readViaCount` as fallback for groups\n- clarify the `getMessagesReadParticipants` limitation\n\nTwo issues remain.\n\n## Remaining issue 1: requested message IDs are not fetched directly\n`getTelegramReadReceipts` still calls:\n\n```ts\nclient.getMessages(entity, {\n  search: \"\",\n  limit: Math.max(requested.size * 2, MAX_RECENT_LIMIT),\n})\n```\n\nThis is not an IDs-based fetch and can silently miss older requested message IDs.\n\n### Expected fix\n- extend `TelegramLocalClientLike.getMessages` to support an `ids` parameter\n- fetch the exact requested Telegram message IDs instead of relying on `search: \"\"`\n- make `getTelegramReadReceipts` deterministic for older messages\n\n## Remaining issue 2: O(n*m) receipt lookup\nThe final assembly still does a nested scan via:\n- `args.messageIds.map(...)`\n- `receipts.find(...)`\n\nThis should be replaced with a `Map<string, TelegramReadReceiptResult>` so lookup is linear.\n\n## Why this matters\n- issue 1 is still a correctness gap\n- issue 2 is lower-risk, but worth fixing while touching the same path\n\n## Context\n- fixed in PR: #7008\n- fixed commit: `55f4f27`",
      "createdAt": "2026-04-22T01:21:52Z",
      "closedAt": null,
      "state": "OPEN",
      "commentCount": 0
    }
  ],
  "topPRs": [
    {
      "id": "PR_kwDOMT5cIs7Ug2Qe",
      "title": "2.x/v3 clean up",
      "author": "odilitime",
      "number": 7020,
      "body": "Simple clean up pass\n\n<!-- CURSOR_SUMMARY -->\n---\n\n> [!NOTE]\n> **High Risk**\n> High risk because it deletes all existing GitHub Actions workflows for CI, releases, builds, and security scanning, effectively disabling automated checks and publishing. It also adds `.github/workflows/` to `.gitignore`, making future workflow changes easy to miss or untracked.\n> \n> **Overview**\n> **Disables GitHub Actions automation** by deleting all existing workflows under `.github/workflows/` (CI, platform builds, releases/publishing, security scans, and review bots).\n> \n> Updates `.gitignore` to ignore `.github/workflows/` (and adds `/.elizaok/`), preventing workflow files from being tracked going forward.\n> \n> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 8954200c09462ebc1b4d98160b69959e2b457e95. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>\n<!-- /CURSOR_SUMMARY -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-04-22T05:29:07Z",
      "mergedAt": null,
      "additions": 31167,
      "deletions": 5363
    },
    {
      "id": "PR_kwDOMT5cIs7UlItI",
      "title": "feat: local inference hub, provider switcher, and agent local probes",
      "author": "odilitime",
      "number": 7032,
      "body": "Extend app-core with external runtime and embedding flows, routing and compat APIs, settings UI, and shared onboarding contracts. Add agent-side OpenAI-compatible and Ollama local probes plus provider switch plumbing. Refresh plugin submodule pointers, shared presets, and related tooling.\r\n\r\nWork-in-progress but there's a lot of good clean up here (including visual)\r\n- ai provider work: 80%\r\n- smart selection: 80%\r\n- local interface: 20%\r\n- embedding work: 80%\r\n\r\n+lint & typechecks\r\n\r\nMade-with: Cursor",
      "repository": "elizaos/eliza",
      "createdAt": "2026-04-22T10:02:28Z",
      "mergedAt": null,
      "additions": 10350,
      "deletions": 867
    },
    {
      "id": "PR_kwDOMT5cIs7Ud16P",
      "title": "fix: repair Milady CI regressions",
      "author": "dutchiono",
      "number": 7008,
      "body": "## Summary\n- restore website blocker and telegram exports that Milady depends on\n- replace stale @elizaos/agent/... subpath imports with package-root imports in the affected app surfaces\n- fix the LifeOps signal client method collision, reminder channel drift, and app-manager typing drift\n- sync the iOS mobile build template list with MiladyIntentPlugin.swift\n- add a Windows TypeScript fix by updating the nested plugin-whatsapp submodule to include a qrcode declaration\n\n## Notes\n- This is part of the PR #2017 repair chain in milady-ai/milady\n- It depends on the matching plugin-whatsapp PR being merged first because this branch updates that nested submodule pointer\n\n## Validation\n- bun import check for website blocker exports\n- bun import check for telegram exports\n- targeted typecheck slice covering the affected Milady failure files\n- bunx vitest run packages/app-core/scripts/run-mobile-build.test.ts\n\n<!-- greptile_comment -->\n\n<h3>Greptile Summary</h3>\n\nThis PR repairs a set of Milady CI regressions by restoring website-blocker and Telegram exports, replacing stale `@elizaos/agent/…` subpath imports with package-root imports across `app-lifeops` and `app-steward`, fixing the Signal client method collision in the `ElizaClient` declaration merge, syncing the iOS mobile build template list to include `MiladyIntentPlugin.swift`, and bumping the `plugin-whatsapp` submodule for a Windows TypeScript fix. The remaining findings are all P2 style concerns.\n\n<h3>Confidence Score: 5/5</h3>\n\nSafe to merge; all remaining findings are P2 style/UX concerns that do not affect correctness on the happy path.\n\nThe PR is a focused regression-repair commit — import path fixes, type alignment, a template list sync, and a submodule bump. The only substantive concern (stale `pairingStatus` on `refresh()`) is a minor UI edge case that the normal poll-driven flow avoids entirely. 
No data integrity, security, or build-blocking issues were found.\n\napps/app-lifeops/src/hooks/useSignalConnector.ts — `pairingStatus` is not cleared when `nextStatus.pairing` is null on refresh or initial load.\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| apps/app-lifeops/src/hooks/useSignalConnector.ts | Signal connector hook properly implements pairing lifecycle, but `pairingStatus` is not cleared when `nextStatus.pairing` is null on both initial load and refresh. |\n| packages/app-core/scripts/run-mobile-build.mjs | iOS template file list synced to include `MiladyIntentPlugin.swift`; Android and iOS overlay logic looks correct. `firstExisting` is a function declaration and is hoisted, so pre-definition usage at module top-level is valid. |\n| packages/app-core/scripts/run-mobile-build.test.ts | Test properly creates all 6 iOS template source files and asserts exact copy order matching `PLATFORM_TEMPLATE_FILES.ios`; Android template coverage is also verified. |\n| packages/shared/src/contracts/lifeops.ts | Well-formed contract file; reminder channel list, signal pairing types, and messaging connector types all look correct. |\n| packages/agent/tsconfig.json | Path aliases correctly map `@elizaos/app-lifeops/*` and other workspace packages for TypeScript resolution. |\n| apps/app-lifeops/src/api/client-lifeops.ts | Client declaration merging correctly adds signal/discord/telegram connector methods with unique names, resolving the previously reported method collision. |\n| apps/app-lifeops/src/routes/lifeops-routes.ts | Route handler correctly imports `createIntegrationTelemetrySpan` from the package root `@elizaos/agent`; remaining subpath imports resolve correctly via tsconfig paths. |\n| packages/agent/src/services/plugin-manager-types.ts | Structural duck-typing interface for plugin/app managers; loose `unknown` types are intentional for the 'Like' pattern. No issues. 
|\n| packages/agent/src/api/apps-routes.ts | App manager route handler with steering proxy logic; imports align with the updated plugin-manager-types. No issues. |\n| packages/app-core/src/test-support/test-helpers.ts | Adds `resolveWechatPluginImportSpecifier` and related plugin resolver utilities; implementation looks correct with proper fallback chains. |\n\n</details>\n\n\n\n<h3>Sequence Diagram</h3>\n\n```mermaid\nsequenceDiagram\n    participant UI as useSignalConnector (React)\n    participant Client as ElizaClient\n    participant Server as LifeOps Server\n\n    UI->>Client: getSignalConnectorStatus(side)\n    Client->>Server: GET /lifeops/signal/status\n    Server-->>Client: { connected, pairing: {...} | null }\n    Client-->>UI: LifeOpsSignalConnectorStatus\n\n    UI->>Client: startLifeOpsSignalPairing({ side })\n    Client->>Server: POST /lifeops/signal/pairing\n    Server-->>Client: { sessionId }\n    Client-->>UI: StartLifeOpsSignalPairingResponse\n\n    loop Poll every 2s\n        UI->>Client: getLifeOpsSignalPairingStatus(sessionId)\n        Client->>Server: GET /lifeops/signal/pairing/:sessionId\n        Server-->>Client: LifeOpsSignalPairingStatus\n        Client-->>UI: state: waiting_for_scan | connected | failed\n    end\n\n    UI->>Client: disconnectSignalConnector({ side, provider: signal })\n    Client->>Server: POST /lifeops/signal/disconnect\n    Server-->>Client: LifeOpsSignalConnectorStatus\n    Client-->>UI: updated status\n```\n\n<!-- greptile_failed_comments -->\n<details><summary><h3>Comments Outside Diff (2)</h3></summary>\n\n1. 
`apps/app-lifeops/src/hooks/useSignalConnector.ts`, line 42-56 ([link](https://github.com/elizaos/eliza/blob/24a3ff7cc17ce3e4b71e47f26129adc50da4d7ea/apps/app-lifeops/src/hooks/useSignalConnector.ts#L42-L56)) \n\n   <a href=\"#\"><img alt=\"P2\" src=\"https://greptile-static-assets.s3.amazonaws.com/badges/p2.svg?v=7\" align=\"top\"></a> **Stale `pairingStatus` on refresh**\n\n   When `refresh()` fetches a status where `nextStatus.pairing` is `null` (e.g., server-side session timed out after the poll stopped), `pairingStatus` is never cleared. A caller who then reads `pairingStatus` will see the last-known pairing state (e.g. `{ state: \"waiting_for_scan\" }`) even though the session is gone on the server.\n\n   The same pattern appears in the initial-load `useEffect` at line 63–78. Consider unconditionally setting `pairingStatus` on every refresh:\n\n\n2. `apps/app-lifeops/src/hooks/useSignalConnector.ts`, line 62-79 ([link](https://github.com/elizaos/eliza/blob/24a3ff7cc17ce3e4b71e47f26129adc50da4d7ea/apps/app-lifeops/src/hooks/useSignalConnector.ts#L62-L79)) \n\n   <a href=\"#\"><img alt=\"P2\" src=\"https://greptile-static-assets.s3.amazonaws.com/badges/p2.svg?v=7\" align=\"top\"></a> **Same stale-pairing issue in initial `useEffect`**\n\n   The initial-load effect also only calls `setPairingStatus` when `nextStatus.pairing` is truthy, so switching `side` while a stale pairing session is in state leaves the old pairing data visible. 
Unconditionally syncing `pairingStatus` here (as suggested above for `refresh`) would keep both code-paths consistent.\n\n</details>\n\n<!-- /greptile_failed_comments -->\n\n<sub>Reviews (1): Last reviewed commit: [\"fix: repair PR 2017 CI regressions\"](https://github.com/elizaos/eliza/commit/24a3ff7cc17ce3e4b71e47f26129adc50da4d7ea) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=29208932)</sub>\n\n<!-- /greptile_comment -->\n\n<!-- This is an auto-generated comment: release notes by coderabbit.ai -->\n\n## Summary by CodeRabbit\n\n## Release Notes\n\n* **New Features**\n  * Enhanced website blocker with intelligent text parsing for targets, durations, and deferral detection\n  * Added Telegram message search and read receipt capabilities\n  * Expanded reminder channel support (email, push, cloud)\n\n* **Improvements**\n  * Signal pairing API methods now have clearer, more descriptive names\n  * Better theme color handling in appearance settings\n\n* **Bug Fixes**\n  * Fixed X (Twitter) OAuth signing key construction\n  * Corrected Discord and Signal message dispatch routing\n  * Updated browser companion pairing endpoint behavior\n\n<!-- end of auto-generated comment: release notes by coderabbit.ai -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-04-22T00:01:57Z",
      "mergedAt": "2026-04-22T01:33:18Z",
      "additions": 359,
      "deletions": 82
    },
    {
      "id": "PR_kwDOMT5cIs7UxqX4",
      "title": "chore(deps): bump the cargo group across 15 directories with 3 updates",
      "author": "dependabot",
      "number": 7041,
      "body": "Bumps the cargo group with 2 updates in the /packages/examples/a2a/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/app/tauri/src-tauri directory: [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/autonomous-rust-agent directory: [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/aws/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/bluesky/rust/bluesky-agent directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/chat/rust/chat directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/discord/rust/discord-agent directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 2 updates in the /packages/examples/form/rust/chat directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/gcp/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/polymarket/rust/polymarket-demo directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/rest-api/actix directory: [rand](https://github.com/rust-random/rand) and [actix-http](https://github.com/actix/actix-web).\nBumps the cargo group 
with 2 updates in the /packages/examples/telegram/rust/telegram-agent directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/text-adventure/rust/game directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/twitter-xai/rust/xai-agent directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/virus directory: [rustls-webpki](https://github.com/rustls/webpki).\n\nUpdates `rand` from 0.8.5 to 0.8.6\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md\">rand's changelog</a>.</em></p>\n<blockquote>\n<h2>[0.8.6] - 2026-04-14</h2>\n<p>This release back-ports a fix from v0.10. 
See also <a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>.</p>\n<h3>Changes</h3>\n<ul>\n<li>Deprecate feature <code>log</code> (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>)</li>\n</ul>\n<p><a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1763\">rust-random/rand#1763</a>\n<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1772\">rust-random/rand#1772</a></p>\n<ul>\n<li>Drop the experimental <code>simd_support</code> feature.</li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f\"><code>5309f25</code></a> 0.8.6 (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>): update for recent nightly rustc and backport <a href=\"https://redirect.github.com/rust-random/rand/issues/1764\">#1764</a></li>\n<li><a href=\"https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26\"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821\"><code>143b602</code></a> Add Cargo.lock.msrv.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8\"><code>9be86f2</code></a> Fix cross build test.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8\"><code>5e0d50d</code></a> Drop simd_support.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879\"><code>8ff02f0</code></a> Upgrade cache action.</li>\n<li><a 
href=\"https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9\"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d\"><code>258e6d0</code></a> Address warning.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89\"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8\"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li>\n<li>Additional commits viewable in <a href=\"https://github.com/rust-random/rand/compare/0.8.5...0.8.6\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rustls-webpki` from 0.103.11 to 0.103.13\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/rustls/webpki/releases\">rustls-webpki's releases</a>.</em></p>\n<blockquote>\n<h2>0.103.13</h2>\n<ul>\n<li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href=\"https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8\">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li>\n<li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href=\"https://redirect.github.com/rustls/webpki/pull/471\">rustls/webpki#471</a>. 
This was a case missing in the fix for <a href=\"https://github.com/advisories/GHSA-965h-392x-2mh5\">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li>\n</ul>\n<h2>What's Changed</h2>\n<ul>\n<li>Actually fail closed for URI matching against excluded subtrees by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/473\">rustls/webpki#473</a></li>\n<li>Prepare 0.103.13 by <a href=\"https://github.com/ctz\"><code>@​ctz</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/474\">rustls/webpki#474</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13\">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p>\n<h2>0.103.12</h2>\n<p>This release fixes two bugs in name constraint enforcement:</p>\n<ul>\n<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li>\n<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. 
This is very similar to <a href=\"https://go.dev/issue/76442\">CVE-2025-61727</a>.</li>\n</ul>\n<p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p>\n<h2>What's Changed</h2>\n<ul>\n<li>Prepare 0.103.12 by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/470\">rustls/webpki#470</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12\">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86\"><code>2879b2c</code></a> Prepare 0.103.13</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007\"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li>\n<li><a href=\"https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51\"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e\"><code>39c91d2</code></a> Actually fail closed for URI matching against excluded subtrees</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3\"><code>27131d4</code></a> Bump version to 0.103.12</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1\"><code>6ecb876</code></a> Clean up stuttery enum variant names</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb\"><code>318b3e6</code></a> Ignore wildcard labels when matching name constraints</li>\n<li><a 
href=\"https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b\"><code>1219622</code></a> Rewrite constraint matching to avoid permissive catch-all branch</li>\n<li>See full diff in <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.13\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rustls-webpki` from 0.103.11 to 0.103.13\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/rustls/webpki/releases\">rustls-webpki's releases</a>.</em></p>\n<blockquote>\n<h2>0.103.13</h2>\n<ul>\n<li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href=\"https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8\">GHSA-82j2-j2ch-gfr8</a>. 
Users who don't use CRLs are not affected.</li>\n<li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href=\"https://redirect.github.com/rustls/webpki/pull/471\">rustls/webpki#471</a>. This was a case missing in the fix for <a href=\"https://github.com/advisories/GHSA-965h-392x-2mh5\">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li>\n</ul>\n<h2>What's Changed</h2>\n<ul>\n<li>Actually fail closed for URI matching against excluded subtrees by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/473\">rustls/webpki#473</a></li>\n<li>Prepare 0.103.13 by <a href=\"https://github.com/ctz\"><code>@​ctz</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/474\">rustls/webpki#474</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13\">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p>\n<h2>0.103.12</h2>\n<p>This release fixes two bugs in name constraint enforcement:</p>\n<ul>\n<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li>\n<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. 
This is very similar to <a href=\"https://go.dev/issue/76442\">CVE-2025-61727</a>.</li>\n</ul>\n<p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p>\n<h2>What's Changed</h2>\n<ul>\n<li>Prepare 0.103.12 by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/470\">rustls/webpki#470</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12\">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86\"><code>2879b2c</code></a> Prepare 0.103.13</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007\"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li>\n<li><a href=\"https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51\"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e\"><code>39c91d2</code></a> Actually fail closed for URI matching against excluded subtrees</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3\"><code>27131d4</code></a> Bump version to 0.103.12</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1\"><code>6ecb876</code></a> Clean up stuttery enum variant names</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb\"><code>318b3e6</code></a> Ignore wildcard labels when matching name constraints</li>\n<li><a 
href=\"https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b\"><code>1219622</code></a> Rewrite constraint matching to avoid permissive catch-all branch</li>\n<li>See full diff in <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.13\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rand` from 0.8.5 to 0.8.6\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md\">rand's changelog</a>.</em></p>\n<blockquote>\n<h2>[0.8.6] - 2026-04-14</h2>\n<p>This release back-ports a fix from v0.10. See also <a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>.</p>\n<h3>Changes</h3>\n<ul>\n<li>Deprecate feature <code>log</code> (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>)</li>\n</ul>\n<p><a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1763\">rust-random/rand#1763</a>\n<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1772\">rust-random/rand#1772</a></p>\n<ul>\n<li>Drop the experimental <code>simd_support</code> feature.</li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f\"><code>5309f25</code></a> 0.8.6 (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>): update for recent nightly rustc and backport <a href=\"https://redirect.github.com/rust-random/rand/issues/1764\">#1764</a></li>\n<li><a href=\"https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26\"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li>\n<li><a 
href=\"https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821\"><code>143b602</code></a> Add Cargo.lock.msrv.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8\"><code>9be86f2</code></a> Fix cross build test.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8\"><code>5e0d50d</code></a> Drop simd_support.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879\"><code>8ff02f0</code></a> Upgrade cache action.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9\"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d\"><code>258e6d0</code></a> Address warning.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89\"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8\"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li>\n<li>Additional commits viewable in <a href=\"https://github.com/rust-random/rand/compare/0.8.5...0.8.6\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rand` from 0.8.5 to 0.8.6\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md\">rand's changelog</a>.</em></p>\n<blockquote>\n<h2>[0.8.6] - 2026-04-14</h2>\n<p>This release back-ports a fix from v0.10. 
See also <a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>.</p>\n<h3>Changes</h3>\n<ul>\n<li>Deprecate feature <code>log</code> (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>)</li>\n</ul>\n<p><a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1763\">rust-random/rand#1763</a>\n<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1772\">rust-random/rand#1772</a></p>\n<ul>\n<li>Drop the experimental <code>simd_support</code> feature.</li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f\"><code>5309f25</code></a> 0.8.6 (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>): update for recent nightly rustc and backport <a href=\"https://redirect.github.com/rust-random/rand/issues/1764\">#1764</a></li>\n<li><a href=\"https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26\"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821\"><code>143b602</code></a> Add Cargo.lock.msrv.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8\"><code>9be86f2</code></a> Fix cross build test.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8\"><code>5e0d50d</code></a> Drop simd_support.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879\"><code>8ff02f0</code></a> Upgrade cache action.</li>\n<li><a 
href=\"https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9\"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d\"><code>258e6d0</code></a> Address warning.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89\"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8\"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li>\n<li>Additional commits viewable in <a href=\"https://github.com/rust-random/rand/compare/0.8.5...0.8.6\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rustls-webpki` from 0.103.11 to 0.103.13\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/rustls/webpki/releases\">rustls-webpki's releases</a>.</em></p>\n<blockquote>\n<h2>0.103.13</h2>\n<ul>\n<li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href=\"https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8\">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li>\n<li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href=\"https://redirect.github.com/rustls/webpki/pull/471\">rustls/webpki#471</a>. 
This was a case missing in the fix for <a href=\"https://github.com/advisories/GHSA-965h-392x-2mh5\">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li>\n</ul>\n<h2>What's Changed</h2>\n<ul>\n<li>Actually fail closed for URI matching against excluded subtrees by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/473\">rustls/webpki#473</a></li>\n<li>Prepare 0.103.13 by <a href=\"https://github.com/ctz\"><code>@​ctz</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/474\">rustls/webpki#474</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13\">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p>\n<h2>0.103.12</h2>\n<p>This release fixes two bugs in name constraint enforcement:</p>\n<ul>\n<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li>\n<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. 
This is very similar to <a href=\"https://go.dev/issue/76442\">CVE-2025-61727</a>.</li>\n</ul>\n<p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p>\n<h2>What's Changed</h2>\n<ul>\n<li>Prepare 0.103.12 by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/470\">rustls/webpki#470</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12\">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86\"><code>2879b2c</code></a> Prepare 0.103.13</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007\"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li>\n<li><a href=\"https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51\"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e\"><code>39c91d2</code></a> Actually fail closed for URI matching against excluded subtrees</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3\"><code>27131d4</code></a> Bump version to 0.103.12</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1\"><code>6ecb876</code></a> Clean up stuttery enum variant names</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb\"><code>318b3e6</code></a> Ignore wildcard labels when matching name constraints</li>\n<li><a 
href=\"https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b\"><code>1219622</code></a> Rewrite constraint matching to avoid permissive catch-all branch</li>\n<li>See full diff in <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.13\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rand` from 0.8.5 to 0.8.6\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md\">rand's changelog</a>.</em></p>\n<blockquote>\n<h2>[0.8.6] - 2026-04-14</h2>\n<p>This release back-ports a fix from v0.10. See also <a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>.</p>\n<h3>Changes</h3>\n<ul>\n<li>Deprecate feature <code>log</code> (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>)</li>\n</ul>\n<p><a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1763\">rust-random/rand#1763</a>\n<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1772\">rust-random/rand#1772</a></p>\n<ul>\n<li>Drop the experimental <code>simd_support</code> feature.</li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f\"><code>5309f25</code></a> 0.8.6 (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>): update for recent nightly rustc and backport <a href=\"https://redirect.github.com/rust-random/rand/issues/1764\">#1764</a></li>\n<li><a href=\"https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26\"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li>\n<li><a 
href=\"https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821\"><code>143b602</code></a> Add Cargo.lock.msrv.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8\"><code>9be86f2</code></a> Fix cross build test.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8\"><code>5e0d50d</code></a> Drop simd_support.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879\"><code>8ff02f0</code></a> Upgrade cache action.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9\"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d\"><code>258e6d0</code></a> Address warning.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89\"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8\"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li>\n<li>Additional commits viewable in <a href=\"https://github.com/rust-random/rand/compare/0.8.5...0.8.6\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rustls-webpki` from 0.103.11 to 0.103.13\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/rustls/webpki/releases\">rustls-webpki's releases</a>.</em></p>\n<blockquote>\n<h2>0.103.13</h2>\n<ul>\n<li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href=\"https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8\">GHSA-82j2-j2ch-gfr8</a>. 
Users who don't use CRLs are not affected.</li>\n<li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href=\"https://redirect.github.com/rustls/webpki/pull/471\">rustls/webpki#471</a>. This was a case missing in the fix for <a href=\"https://github.com/advisories/GHSA-965h-392x-2mh5\">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li>\n</ul>\n<h2>What's Changed</h2>\n<ul>\n<li>Actually fail closed for URI matching against excluded subtrees by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/473\">rustls/webpki#473</a></li>\n<li>Prepare 0.103.13 by <a href=\"https://github.com/ctz\"><code>@​ctz</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/474\">rustls/webpki#474</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13\">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p>\n<h2>0.103.12</h2>\n<p>This release fixes two bugs in name constraint enforcement:</p>\n<ul>\n<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li>\n<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. 
This is very similar to <a href=\"https://go.dev/issue/76442\">CVE-2025-61727</a>.</li>\n</ul>\n<p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p>\n<h2>What's Changed</h2>\n<ul>\n<li>Prepare 0.103.12 by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/470\">rustls/webpki#470</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12\">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86\"><code>2879b2c</code></a> Prepare 0.103.13</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007\"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li>\n<li><a href=\"https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51\"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115c...\n\n_Description has been truncated_",
      "repository": "elizaos/eliza",
      "createdAt": "2026-04-22T21:49:42Z",
      "mergedAt": null,
      "additions": 336,
      "deletions": 142
    },
    {
      "id": "PR_kwDOMT5cIs7Uqhg-",
      "title": "chore(deps): bump the cargo group across 19 directories with 3 updates",
      "author": "dependabot",
      "number": 7037,
      "body": "Bumps the cargo group with 2 updates in the /packages/examples/a2a/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/app/tauri/src-tauri directory: [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/autonomous-rust-agent directory: [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/autonomous/rust/autonomous directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 2 updates in the /packages/examples/aws/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/bluesky/rust/bluesky-agent directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/chat/rust/chat directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/discord/rust/discord-agent directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 2 updates in the /packages/examples/form/rust/chat directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examples/game-of-life/rust/game-of-life directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 2 updates in the /packages/examples/gcp/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/polymarket/rust/polymarket-demo directory: 
[rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates in the /packages/examples/rest-api/actix directory: [rand](https://github.com/rust-random/rand) and [actix-http](https://github.com/actix/actix-web).\nBumps the cargo group with 1 update in the /packages/examples/rest-api/axum directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 1 update in the /packages/examples/rest-api/rocket directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 1 update in the /packages/examples/roblox/rust directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 1 update in the /packages/examples/tic-tac-toe/rust directory: [rand](https://github.com/rust-random/rand).\nBumps the cargo group with 1 update in the /packages/examples/virus directory: [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/rust directory: [rand](https://github.com/rust-random/rand).\n\nUpdates `rand` from 0.8.5 to 0.8.6\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md\">rand's changelog</a>.</em></p>\n<blockquote>\n<h2>[0.8.6] - 2026-04-14</h2>\n<p>This release back-ports a fix from v0.10. 
See also <a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>.</p>\n<h3>Changes</h3>\n<ul>\n<li>Deprecate feature <code>log</code> (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>)</li>\n</ul>\n<p><a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1763\">rust-random/rand#1763</a>\n<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1772\">rust-random/rand#1772</a></p>\n<ul>\n<li>Drop the experimental <code>simd_support</code> feature.</li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f\"><code>5309f25</code></a> 0.8.6 (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>): update for recent nightly rustc and backport <a href=\"https://redirect.github.com/rust-random/rand/issues/1764\">#1764</a></li>\n<li><a href=\"https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26\"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821\"><code>143b602</code></a> Add Cargo.lock.msrv.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8\"><code>9be86f2</code></a> Fix cross build test.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8\"><code>5e0d50d</code></a> Drop simd_support.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879\"><code>8ff02f0</code></a> Upgrade cache action.</li>\n<li><a 
href=\"https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9\"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d\"><code>258e6d0</code></a> Address warning.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89\"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8\"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li>\n<li>Additional commits viewable in <a href=\"https://github.com/rust-random/rand/compare/0.8.5...0.8.6\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rustls-webpki` from 0.103.11 to 0.103.13\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/rustls/webpki/releases\">rustls-webpki's releases</a>.</em></p>\n<blockquote>\n<h2>0.103.13</h2>\n<ul>\n<li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href=\"https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8\">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li>\n<li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href=\"https://redirect.github.com/rustls/webpki/pull/471\">rustls/webpki#471</a>. 
This was a case missing in the fix for <a href=\"https://github.com/advisories/GHSA-965h-392x-2mh5\">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li>\n</ul>\n<h2>What's Changed</h2>\n<ul>\n<li>Actually fail closed for URI matching against excluded subtrees by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/473\">rustls/webpki#473</a></li>\n<li>Prepare 0.103.13 by <a href=\"https://github.com/ctz\"><code>@​ctz</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/474\">rustls/webpki#474</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13\">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p>\n<h2>0.103.12</h2>\n<p>This release fixes two bugs in name constraint enforcement:</p>\n<ul>\n<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li>\n<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. 
This is very similar to <a href=\"https://go.dev/issue/76442\">CVE-2025-61727</a>.</li>\n</ul>\n<p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p>\n<h2>What's Changed</h2>\n<ul>\n<li>Prepare 0.103.12 by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/470\">rustls/webpki#470</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12\">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86\"><code>2879b2c</code></a> Prepare 0.103.13</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007\"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li>\n<li><a href=\"https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51\"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e\"><code>39c91d2</code></a> Actually fail closed for URI matching against excluded subtrees</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3\"><code>27131d4</code></a> Bump version to 0.103.12</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1\"><code>6ecb876</code></a> Clean up stuttery enum variant names</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb\"><code>318b3e6</code></a> Ignore wildcard labels when matching name constraints</li>\n<li><a 
href=\"https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b\"><code>1219622</code></a> Rewrite constraint matching to avoid permissive catch-all branch</li>\n<li>See full diff in <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.13\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rand` from 0.8.5 to 0.8.6\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md\">rand's changelog</a>.</em></p>\n<blockquote>\n<h2>[0.8.6] - 2026-04-14</h2>\n<p>This release back-ports a fix from v0.10. See also <a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>.</p>\n<h3>Changes</h3>\n<ul>\n<li>Deprecate feature <code>log</code> (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>)</li>\n</ul>\n<p><a href=\"https://redirect.github.com/rust-random/rand/issues/1763\">#1763</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1763\">rust-random/rand#1763</a>\n<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>: <a href=\"https://redirect.github.com/rust-random/rand/pull/1772\">rust-random/rand#1772</a></p>\n<ul>\n<li>Drop the experimental <code>simd_support</code> feature.</li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rust-random/rand/commit/5309f25bb5e7d21ac01c5b6f476badd06f9cdc3f\"><code>5309f25</code></a> 0.8.6 (<a href=\"https://redirect.github.com/rust-random/rand/issues/1772\">#1772</a>): update for recent nightly rustc and backport <a href=\"https://redirect.github.com/rust-random/rand/issues/1764\">#1764</a></li>\n<li><a href=\"https://github.com/rust-random/rand/commit/1126d03a5cbd725aad239efb0d537c9130a76b26\"><code>1126d03</code></a> When testing rustc 1.36, use compatible dependencies.</li>\n<li><a 
href=\"https://github.com/rust-random/rand/commit/143b60280f79a5f1992445b3df0e0599841f9821\"><code>143b602</code></a> Add Cargo.lock.msrv.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9be86f2d8140139800989ac93399b9cd49108fb8\"><code>9be86f2</code></a> Fix cross build test.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/5e0d50d7706281ae67e69ff64105baf3c94d6ef8\"><code>5e0d50d</code></a> Drop simd_support.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/8ff02f0568d2f8fddda74b47613a3daaa5e2a879\"><code>8ff02f0</code></a> Upgrade cache action.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/4ad0cc34fc847d4d59ffdcdfbf189482601aa6b9\"><code>4ad0cc3</code></a> Don't test for unsupported target architecture.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/258e6d04a681321e0c4b16e3785063ed9b9e744d\"><code>258e6d0</code></a> Address warning.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/9f0e676362f9599941f00bccc5310135b7c19f89\"><code>9f0e676</code></a> Mark some internal traits as potentially unused.</li>\n<li><a href=\"https://github.com/rust-random/rand/commit/6f123c178eee4563876bdd50f4ac0621b21ce2b8\"><code>6f123c1</code></a> Workaround never constructed and never used warning.</li>\n<li>Additional commits viewable in <a href=\"https://github.com/rust-random/rand/compare/0.8.5...0.8.6\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `rustls-webpki` from 0.103.11 to 0.103.13\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/rustls/webpki/releases\">rustls-webpki's releases</a>.</em></p>\n<blockquote>\n<h2>0.103.13</h2>\n<ul>\n<li><strong>Fix reachable panic in parsing a CRL</strong>. This was reported to us as <a href=\"https://github.com/rustls/webpki/security/advisories/GHSA-82j2-j2ch-gfr8\">GHSA-82j2-j2ch-gfr8</a>. Users who don't use CRLs are not affected.</li>\n<li>For name constraints on URI names, we incorrectly processed excluded subtrees in a way which inverted the desired meaning. See <a href=\"https://redirect.github.com/rustls/webpki/pull/471\">rustls/webpki#471</a>. 
This was a case missing in the fix for <a href=\"https://github.com/advisories/GHSA-965h-392x-2mh5\">https://github.com/advisories/GHSA-965h-392x-2mh5</a>.</li>\n</ul>\n<h2>What's Changed</h2>\n<ul>\n<li>Actually fail closed for URI matching against excluded subtrees by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/473\">rustls/webpki#473</a></li>\n<li>Prepare 0.103.13 by <a href=\"https://github.com/ctz\"><code>@​ctz</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/474\">rustls/webpki#474</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13\">https://github.com/rustls/webpki/compare/v/0.103.12...v/0.103.13</a></p>\n<h2>0.103.12</h2>\n<p>This release fixes two bugs in name constraint enforcement:</p>\n<ul>\n<li><strong>GHSA-965h-392x-2mh5</strong>: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.</li>\n<li><strong>GHSA-xgp8-3hg3-c2mh</strong>: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of <code>accept.example.com</code>, <code>*.example.com</code> could feasibly allow a name of <code>reject.example.com</code> which is outside the constraint. 
This is very similar to <a href=\"https://go.dev/issue/76442\">CVE-2025-61727</a>.</li>\n</ul>\n<p>Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.</p>\n<h2>What's Changed</h2>\n<ul>\n<li>Prepare 0.103.12 by <a href=\"https://github.com/djc\"><code>@​djc</code></a> in <a href=\"https://redirect.github.com/rustls/webpki/pull/470\">rustls/webpki#470</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12\">https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.12</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/rustls/webpki/commit/2879b2ce7a476181ac3050f73fe0835f04728e86\"><code>2879b2c</code></a> Prepare 0.103.13</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/2c49773d823f48c87db30db7a66c25993c847007\"><code>2c49773</code></a> Improve tests for padding of <code>BitStringFlags</code></li>\n<li><a href=\"https://github.com/rustls/webpki/commit/4e3c0b393a7bfb9cbe6dcdc8309cbadf8ee00c51\"><code>4e3c0b3</code></a> Correct validation of BIT STRING constraints</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/39c91d2525a542a7f651a1a62c3462e8115cc39e\"><code>39c91d2</code></a> Actually fail closed for URI matching against excluded subtrees</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/27131d476e2b68a537e629d6d012bef8dad6efd3\"><code>27131d4</code></a> Bump version to 0.103.12</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/6ecb8769cde2246e761e058709421c14a7dee6b1\"><code>6ecb876</code></a> Clean up stuttery enum variant names</li>\n<li><a href=\"https://github.com/rustls/webpki/commit/318b3e6e03ca2bc21600ca6bb0d0c6439b9e6aeb\"><code>318b3e6</code></a> Ignore wildcard labels when matching name constraints</li>\n<li><a 
href=\"https://github.com/rustls/webpki/commit/12196229a327d3d670798688254bd3ea24aba24b\"><code>1219622</code></a> Rewrite constraint matching to avoid permissive catch-all branch</li>\n<li>See full diff in <a href=\"https://github.com/rustls/webpki/compare/v/0.103.11...v/0.103.13\">compare view</a></li>\n</ul>\n</details>\n<br />\n\n_Description has been truncated_",
      "repository": "elizaos/eliza",
      "createdAt": "2026-04-22T14:50:02Z",
      "mergedAt": "2026-04-22T22:04:21Z",
      "additions": 330,
      "deletions": 136
    }
  ],
  "codeChanges": {
    "additions": 1646,
    "deletions": 694,
    "files": 98,
    "commitCount": 234
  },
  "completedItems": [
    {
      "title": "fix(deps): update dependency androidx.coordinatorlayout:coordinatorlayout to v1.3.0",
      "prNumber": 7006,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [androidx.coordinatorlayout:coordinator",
      "files": [
        "packages/app-core/platforms/android/variables.gradle"
      ]
    },
    {
      "title": "chore(deps): update dependency python-dotenv to v1.2.2 [security]",
      "prNumber": 7005,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [python-dotenv](https://redirect.github",
      "files": [
        "packages/benchmarks/OSWorld/monitor/requirements.txt"
      ]
    },
    {
      "title": "chore(deps): bump the uv group across 4 directories with 3 updates",
      "prNumber": 7004,
      "type": "other",
      "body": "Bumps the uv group with 2 updates in the /packages/benchmarks/OSWorld directory: [python-dotenv](https://github.com/theskumar/python-dotenv) and [pypdf](https://github.com/py-pdf/pypdf).\nBumps the uv group with 1 update in the /packages/ben",
      "files": [
        "packages/benchmarks/OSWorld/monitor/requirements.txt",
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/uv.lock",
        "packages/benchmarks/solana/solana-gym-env/pyproject.toml",
        "packages/benchmarks/solana/solana-gym-env/uv.lock",
        "packages/python/uv.lock"
      ]
    },
    {
      "title": "chore(deps): bump the pip group across 2 directories with 1 update",
      "prNumber": 7003,
      "type": "other",
      "body": "Bumps the pip group with 1 update in the /packages/benchmarks/OSWorld directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /packages/benchmarks/OSWorld/monitor directory: [python-d",
      "files": [
        "packages/benchmarks/OSWorld/monitor/requirements.txt",
        "packages/benchmarks/OSWorld/pyproject.toml"
      ]
    },
    {
      "title": "fix(deps): update dependency @xterm/addon-fit to ^0.11.0",
      "prNumber": 7002,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@xterm/addon-fit](https://redirect.git",
      "files": [
        "apps/app-task-coordinator/package.json",
        "packages/app-core/package.json"
      ]
    },
    {
      "title": "fix(deps): update dependency @stwd/sdk to ^0.8.0",
      "prNumber": 7001,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@stwd/sdk](https://steward.fi) ([sourc",
      "files": [
        "apps/app-steward/package.json",
        "packages/app-core/package.json"
      ]
    },
    {
      "title": "fix(deps): update dependency @orca-so/whirlpools-sdk to ^0.20.0",
      "prNumber": 6999,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@orca-so/whirlpools-sdk](https://orca.",
      "files": [
        "packages/benchmarks/solana/solana-gym-env/voyager/skill_runner/package.json"
      ]
    },
    {
      "title": "chore(deps): update rust crate uuid to v1.23.1",
      "prNumber": 6998,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [uuid](https://redirect.github.com/uuid-rs/uuid) | dependencies | minor | `1.19.0` → `1.23.1` |\n\n---\n\n> [!WARNING]\n> Some dependencies could n",
      "files": [
        "packages/rust/Cargo.lock"
      ]
    },
    {
      "title": "chore(deps): update dependency vitest to v3.2.4",
      "prNumber": 6997,
      "type": "tests",
      "body": "> ℹ️ **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-con",
      "files": [
        "plugins/plugin-app-control/typescript/package.json"
      ]
    },
    {
      "title": "chore(deps): update dependency typescript to v5.9.3",
      "prNumber": 6996,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [typescript](https://www.typescriptlang",
      "files": [
        "plugins/plugin-app-control/typescript/package.json"
      ]
    },
    {
      "title": "chore(deps): update dependency typedoc to v0.28.19",
      "prNumber": 6995,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [typedoc](https://typedoc.org) ([source",
      "files": [
        "package.json"
      ]
    },
    {
      "title": "chore(deps): update dependency tsup to v8.5.1",
      "prNumber": 6994,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [tsup](https://tsup.egoist.dev/) ([sour",
      "files": [
        "plugins/plugin-app-control/typescript/package.json"
      ]
    },
    {
      "title": "chore(deps): update dependency pandas to v3",
      "prNumber": 7039,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [pandas](https://redirect.github.com/pa",
      "files": [
        "packages/benchmarks/OSWorld/requirements.txt"
      ]
    },
    {
      "title": "chore(deps): update dependency color-name to v2",
      "prNumber": 7038,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [color-name](https://redirect.github.co",
      "files": [
        "package.json"
      ]
    },
    {
      "title": "chore(deps): bump the cargo group across 19 directories with 3 updates",
      "prNumber": 7037,
      "type": "other",
      "body": "Bumps the cargo group with 2 updates in the /packages/examples/a2a/rust directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 1 update in the /packages/examp",
      "files": [
        "packages/examples/a2a/rust/Cargo.lock",
        "packages/examples/app/tauri/src-tauri/Cargo.lock",
        "packages/examples/autonomous-rust-agent/Cargo.lock",
        "packages/examples/autonomous/rust/autonomous/Cargo.lock",
        "packages/examples/aws/rust/Cargo.lock",
        "packages/examples/bluesky/rust/bluesky-agent/Cargo.lock",
        "packages/examples/chat/rust/chat/Cargo.lock",
        "packages/examples/discord/rust/discord-agent/Cargo.lock",
        "packages/examples/form/rust/chat/Cargo.lock",
        "packages/examples/game-of-life/rust/game-of-life/Cargo.lock",
        "packages/examples/gcp/rust/Cargo.lock",
        "packages/examples/polymarket/rust/polymarket-demo/Cargo.lock",
        "packages/examples/rest-api/actix/Cargo.lock",
        "packages/examples/rest-api/axum/Cargo.lock",
        "packages/examples/rest-api/rocket/Cargo.lock",
        "packages/examples/roblox/rust/Cargo.lock",
        "packages/examples/tic-tac-toe/rust/Cargo.lock",
        "packages/examples/virus/Cargo.lock",
        "packages/rust/Cargo.lock"
      ]
    },
    {
      "title": "chore(deps): update dependency @vitejs/plugin-react to v6",
      "prNumber": 7036,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@vitejs/plugin-react](https://redirect",
      "files": [
        "package.json",
        "packages/benchmarks/solana/solana-gym-env/docs/trajectory-viewer/package.json"
      ]
    },
    {
      "title": "chore(deps): update dependency @uniswap/v4-sdk to v2",
      "prNumber": 7035,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@uniswap/v4-sdk](https://redirect.gith",
      "files": [
        "package.json"
      ]
    },
    {
      "title": "chore(deps): update dependency @uniswap/sdk-core to v7",
      "prNumber": 7034,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@uniswap/sdk-core](https://redirect.gi",
      "files": [
        "package.json"
      ]
    },
    {
      "title": "fix(deps): update tokio-prost monorepo to 0.14",
      "prNumber": 7033,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [prost](https://redirect.github.com/tokio-rs/prost) | dependencies | minor | `0.13` → `0.14` |\n| [prost-build](https://redirect.github.com/tok",
      "files": [
        "packages/rust/Cargo.lock",
        "packages/rust/Cargo.toml"
      ]
    },
    {
      "title": "fix(deps): update rust crate sha2 to 0.11",
      "prNumber": 7031,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [sha2](https://redirect.github.com/RustCrypto/hashes) | dependencies | minor | `0.10` → `0.11` |\n\n---\n\n> [!WARNING]\n> Some dependencies could ",
      "files": [
        "packages/rust/Cargo.lock",
        "packages/rust/Cargo.toml"
      ]
    },
    {
      "title": "fix(deps): update dependency torch to ~=2.11.0",
      "prNumber": 7030,
      "type": "bugfix",
      "body": "> ℹ️ **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-con",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/setup.py",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update crypto and benchmark dependencies",
      "prNumber": 7029,
      "type": "bugfix",
      "body": "<!-- Use this template by filling in information and copying and pasting relevant items out of the HTML comments. -->\r\n\r\n# Relates to\r\n\r\n<!-- LINK TO ISSUE OR TICKET -->\r\n\r\n<!-- This risks section must be filled out before the final review ",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/setup.py",
        "packages/benchmarks/OSWorld/uv.lock",
        "packages/native-plugins/camera/android/build.gradle",
        "packages/native-plugins/gateway/android/build.gradle",
        "packages/native-plugins/mobile-signals/android/build.gradle",
        "packages/native-plugins/screencapture/android/build.gradle",
        "packages/native-plugins/swabble/android/build.gradle",
        "packages/rust/Cargo.lock",
        "packages/rust/Cargo.toml",
        "packages/rust/src/settings.rs"
      ]
    },
    {
      "title": "fix(deps): update rust crate getrandom to 0.4",
      "prNumber": 7028,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [getrandom](https://redirect.github.com/rust-random/getrandom) | dependencies | minor | `0.2` → `0.4` |\n\n---\n\n> [!WARNING]\n> Some dependencies",
      "files": [
        "packages/elizaos/templates/plugin/rust/Cargo.toml",
        "packages/rust/Cargo.toml",
        "packages/templates/plugin/rust/Cargo.toml"
      ]
    },
    {
      "title": "fix(deps): update rust crate cbc to 0.2",
      "prNumber": 7026,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [cbc](https://redirect.github.com/RustCrypto/block-modes) | dependencies | minor | `0.1` → `0.2` |\n\n---\n\n> [!WARNING]\n> Some dependencies coul",
      "files": [
        "packages/rust/Cargo.lock",
        "packages/rust/Cargo.toml"
      ]
    },
    {
      "title": "fix(deps): update kotlinx-coroutines monorepo to v1.10.2",
      "prNumber": 7024,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [org.jetbrains.kotlinx:kotlinx-coroutin",
      "files": [
        "packages/native-plugins/gateway/android/build.gradle"
      ]
    },
    {
      "title": "fix(deps): update dependency transformers to ~=5.6.0",
      "prNumber": 7023,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [transformers](https://redirect.github.",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/setup.py",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update dependency torch to ~=2.11.0",
      "prNumber": 7021,
      "type": "bugfix",
      "body": "> ℹ️ **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-con",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/setup.py",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update dependency three to ^0.184.0",
      "prNumber": 7019,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [three](https://threejs.org/) ([source]",
      "files": [
        "apps/app-companion/package.json",
        "packages/app-core/package.json",
        "packages/elizaos/templates/fullstack-app/apps/app/package.json",
        "packages/templates/fullstack-app/apps/app/package.json"
      ]
    },
    {
      "title": "fix(deps): update dependency opencv-python to ~=4.13.0.92",
      "prNumber": 7018,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [opencv-python](https://redirect.github",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update dependency matplotlib to ~=3.10.8",
      "prNumber": 7017,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [matplotlib](https://redirect.github.co",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/setup.py",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update dependency gymnasium to ~=0.29.1",
      "prNumber": 7016,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [gymnasium](https://redirect.github.com",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update dependency androidx.test.espresso:espresso-core to v3.7.0",
      "prNumber": 7015,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [androidx.test.espresso:espresso-core](",
      "files": [
        "packages/app-core/platforms/android/variables.gradle"
      ]
    },
    {
      "title": "fix(deps): update dependency tqdm to ~=4.67.3",
      "prNumber": 7014,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [tqdm](https://redirect.github.com/tqdm",
      "files": [
        "packages/benchmarks/OSWorld/requirements.txt",
        "packages/benchmarks/OSWorld/setup.py"
      ]
    },
    {
      "title": "fix(deps): update dependency tqdm to ~=4.66.3 [security]",
      "prNumber": 7012,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [tqdm](https://redirect.github.com/tqdm",
      "files": [
        "packages/benchmarks/OSWorld/pyproject.toml",
        "packages/benchmarks/OSWorld/uv.lock"
      ]
    },
    {
      "title": "fix(deps): update dependency androidx.core:core-splashscreen to v1.2.0",
      "prNumber": 7011,
      "type": "bugfix",
      "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [androidx.core:core-splashscreen](https",
      "files": [
        "packages/app-core/platforms/android/variables.gradle"
      ]
    },
    {
      "title": "chore(deps): update supabase/postgres docker tag to v17.6.1.109",
      "prNumber": 7010,
      "type": "other",
      "body": "This PR contains the following updates:\n\n| Package | Update | Change |\n|---|---|---|\n| supabase/postgres | patch | `17.6.1.108` → `17.6.1.109` |\n\n---\n\n> [!WARNING]\n> Some dependencies could not be looked up. Check the [Dependency Dashboard]",
      "files": [
        "packages/app-core/deploy/docker-compose.supabase-db.yml"
      ]
    },
    {
      "title": "fix: repair Milady CI regressions",
      "prNumber": 7008,
      "type": "bugfix",
      "body": "## Summary\n- restore website blocker and telegram exports that Milady depends on\n- replace stale @elizaos/agent/... subpath imports with package-root imports in the affected app surfaces\n- fix the LifeOps signal client method collision, rem",
      "files": [
        "apps/app-lifeops/src/action.ts",
        "apps/app-lifeops/src/actions/approval.ts",
        "apps/app-lifeops/src/actions/autofill.ts",
        "apps/app-lifeops/src/actions/calendly.ts",
        "apps/app-lifeops/src/actions/checkin.ts",
        "apps/app-lifeops/src/actions/computer-use.ts",
        "apps/app-lifeops/src/actions/cross-channel-send.ts",
        "apps/app-lifeops/src/actions/device-bus.ts",
        "apps/app-lifeops/src/actions/dossier.ts",
        "apps/app-lifeops/src/actions/inbox.ts",
        "apps/app-lifeops/src/actions/intent-sync.ts",
        "apps/app-lifeops/src/actions/lifeops-google-helpers.ts",
        "apps/app-lifeops/src/actions/list-remote-sessions.ts",
        "apps/app-lifeops/src/actions/password-manager.ts",
        "apps/app-lifeops/src/actions/remote-desktop.ts",
        "apps/app-lifeops/src/actions/revoke-remote-session.ts",
        "apps/app-lifeops/src/actions/scheduling.ts",
        "apps/app-lifeops/src/actions/search-across-channels.ts",
        "apps/app-lifeops/src/actions/start-remote-session.ts",
        "apps/app-lifeops/src/actions/twilio-call.ts",
        "apps/app-lifeops/src/actions/update-owner-profile.ts",
        "apps/app-lifeops/src/actions/website-blocker.ts",
        "apps/app-lifeops/src/api/client-lifeops.ts",
        "apps/app-lifeops/src/dossier/action.ts",
        "apps/app-lifeops/src/followup/actions/listOverdueFollowups.ts",
        "apps/app-lifeops/src/followup/actions/markFollowupDone.ts",
        "apps/app-lifeops/src/followup/actions/setFollowupThreshold.ts",
        "apps/app-lifeops/src/hooks/useSignalConnector.ts",
        "apps/app-lifeops/src/lifeops/notifications-push.ts",
        "apps/app-lifeops/src/lifeops/telegram-auth.ts",
        "apps/app-lifeops/src/lifeops/telegram-local-client.ts",
        "apps/app-lifeops/src/lifeops/travel-adapters/duffel.ts",
        "apps/app-lifeops/src/lifeops/twilio.ts",
        "apps/app-lifeops/src/lifeops/x-poster.ts",
        "apps/app-lifeops/src/provider.ts",
        "apps/app-lifeops/src/providers/activity-profile.ts",
        "apps/app-lifeops/src/providers/cross-channel-context.ts",
        "apps/app-lifeops/src/providers/inbox-triage.ts",
        "apps/app-lifeops/src/routes/lifeops-routes.ts",
        "apps/app-lifeops/src/travel-time/action.ts",
        "apps/app-lifeops/src/website-blocker/engine.ts",
        "apps/app-steward/src/api/tx-service.ts",
        "apps/app-steward/src/api/wallet-routes.ts",
        "packages/agent/src/actions/context-signal-lexicon.ts",
        "packages/agent/src/api/apps-routes.ts",
        "packages/agent/src/api/server.ts",
        "packages/agent/src/services/plugin-manager-types.ts",
        "packages/agent/tsconfig.json",
        "packages/app-core/scripts/run-mobile-build.mjs",
        "packages/app-core/scripts/run-mobile-build.test.ts"
      ]
    }
  ],
  "topContributors": [
    {
      "username": "odilitime",
      "avatarUrl": "https://avatars.githubusercontent.com/u/16395496?u=c9bac48e632aae594a0d85aaf9e9c9c69b674d8b&v=4",
      "totalScore": 145.7773216897283,
      "prScore": 127.0773216897283,
      "issueScore": 0,
      "reviewScore": 18.5,
      "commentScore": 0.2,
      "summary": null
    },
    {
      "username": "0xSolace",
      "avatarUrl": "https://avatars.githubusercontent.com/u/257989456?u=e0d4e0c6385403319241eb46ba647b49083d4a05&v=4",
      "totalScore": 80.72589926988157,
      "prScore": 80.28789926988156,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0.43799999999999994,
      "summary": null
    },
    {
      "username": "dutchiono",
      "avatarUrl": "https://avatars.githubusercontent.com/u/86275975?u=0d8badaa81aa47682651f87dc2d363837876de98&v=4",
      "totalScore": 67.6565494103885,
      "prScore": 65.45654941038849,
      "issueScore": 2,
      "reviewScore": 0,
      "commentScore": 0.2,
      "summary": null
    },
    {
      "username": "lalalune",
      "avatarUrl": "https://avatars.githubusercontent.com/u/18633264?u=e2e906c3712c2506ebfa98df01c2cfdc50050b30&v=4",
      "totalScore": 59.52637389219215,
      "prScore": 59.52637389219215,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": null
    },
    {
      "username": "greptile-apps",
      "avatarUrl": "https://avatars.githubusercontent.com/in/867647?v=4",
      "totalScore": 40.5,
      "prScore": 0,
      "issueScore": 0,
      "reviewScore": 40.5,
      "commentScore": 0,
      "summary": null
    },
    {
      "username": "RemilioNubilio",
      "avatarUrl": "https://avatars.githubusercontent.com/u/275382225?u=b1501ee01bb54e5b31ca64895f2a07c69f554a37&v=4",
      "totalScore": 21.110696122978826,
      "prScore": 21.110696122978826,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": null
    },
    {
      "username": "meanstackofdoom",
      "avatarUrl": "https://avatars.githubusercontent.com/u/64149093?u=1a1540f5e733b8c122a2435890eb6f614fb6467c&v=4",
      "totalScore": 17.31003660326518,
      "prScore": 17.31003660326518,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": null
    }
  ],
  "newPRs": 41,
  "mergedPRs": 37,
  "newIssues": 1,
  "closedIssues": 0,
  "activeContributors": 8
}