Skip to content

chore(deps): bump vergen from 9.1.0 to 10.0.1#829

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/vergen-10.0.1
Open

chore(deps): bump vergen from 9.1.0 to 10.0.1#829
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/vergen-10.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps vergen from 9.1.0 to 10.0.1.

Release notes

Sourced from vergen's releases.

vergen-git2 1.0.7

What's Changed

New Contributors

Full Changelog: rustyhorde/vergen@vergen_pretty_0.3.6...vergen_git2_1.0.7

vergen-git2 1.0.2

  • Dependency Updates to help fix some compilation issues that arose on MacOS.

vergen-git2 1.0.1

  • Dependency updates

vergen-git2 1.0.0

  • Release 1 of the vergen-git2 tool.

vergen-git2: v1.0.0-beta.2

  • Doc tweaks
  • Workflow updates
  • Feature fixes

vergen-git2 v1.0.0-beta.1

  • Mostly documentation updates

vergen-git2 - v1.0.0-beta.0

  • First beta release of the vergen-git2 library.
  • This library uses git2 internally to generate the git based instructions.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Low Risk
Dependency-only bump affecting build-time metadata generation; dual vergen versions in the lockfile are expected until vergen-git2 is upgraded.

Overview
Bumps the workspace vergen dependency from 9.1.0 to 10.0.1 in Cargo.toml and refreshes Cargo.lock so the world-chain crate graph resolves vergen 10.0.1 / vergen-lib 10.0.1.

vergen-git2 remains 9.1.0, so the lockfile still carries vergen 9.1.0 for reth and vergen-git2 alongside the new major line—no application or build.rs changes in this diff.

Reviewed by Cursor Bugbot for commit 78b2755. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps [vergen](https://github.com/rustyhorde/vergen) from 9.1.0 to 10.0.1.
- [Release notes](https://github.com/rustyhorde/vergen/releases)
- [Commits](https://github.com/rustyhorde/vergen/commits/10.0.1)

---
updated-dependencies:
- dependency-name: vergen
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 9, 2026
@dependabot dependabot Bot requested review from 0xForerunner and Dzejkop as code owners July 9, 2026 00:02
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 9, 2026
@dependabot dependabot Bot added the rust Pull requests that update rust code label Jul 9, 2026

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 78b2755. Configure here.

Comment thread Cargo.toml
pin-project = "1.1.13"
uuid = { version = "1", features = ["serde", "v4"] }
vergen = "9.1.0"
vergen = "10.0.1"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

vergen git2 version skew

High Severity

The workspace bumps vergen to 10.0.1 but leaves vergen-git2 at 9.1.0, which still depends on vergen/vergen-lib 9.x. world-chain-node’s build.rs uses both crates together, so Cargo resolves two incompatible vergen generations for one build script, and the script still targets the vergen 9 builder API removed in vergen 10.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 78b2755. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant