chore(deps): bump the cargo group across 1 directory with 2 updates

[dependabot]

Bumps the cargo group with 2 updates in the / directory: protobuf and ruint.

Updates protobuf from 2.28.0 to 3.7.2

Updates ruint from 1.12.3 to 1.17.2

Release notes

Sourced from ruint's releases.

v1.17.2

What's Changed

• fix(docsrs): remove doc_auto_cfg by @​DaniPopes in recmo/uint#554
• chore: release 1.17.2 by @​DaniPopes in recmo/uint#555

Full Changelog: recmo/uint@v1.17.1...v1.17.2

v1.17.1

What's Changed

• Fix codspeed benches & add most_significant_bits bench by @​Evalir in recmo/uint#544
• Fix codspeed benches & add most_significant_bits bench by @​prestwich in recmo/uint#543
• chore: update unsafe function and improve documentation and safety notes by @​Evalir in recmo/uint#553
• chore: update unsafe function and improve documentation and safety notes by @​prestwich in recmo/uint#552

Full Changelog: recmo/uint@v1.17.0...v1.17.1

v1.17.0

What's Changed

• chore: add parse benches by @​DaniPopes in recmo/uint#518
• feat: bump MSRV to 1.85 by @​DaniPopes in recmo/uint#503
• chore: use const block in add_mod by @​DaniPopes in recmo/uint#521
• chore(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in recmo/uint#517
• feat: add support for ark-ff v0.5.0 by @​fabian1409 in recmo/uint#526
• chore(deps): depend on serde_core instead of serde by @​DaniPopes in recmo/uint#527
• bench: bench from f64 and f32 by @​Evalir in recmo/uint#531
• feat: make *next* functions const by @​DaniPopes in recmo/uint#533
• feat: add bincode 2 support by @​lightsing in recmo/uint#516
• Enhanced f64 -> Uint conversion by @​Pzixel in recmo/uint#524
• chore(deps): bump CodSpeedHQ/action from 3 to 4 by @​dependabot[bot] in recmo/uint#528
• Add Uint -> f64/f32 benches by @​Pzixel in recmo/uint#536
• Add Uint -> f64 conversion by @​Pzixel in recmo/uint#535
• perf: use select_unpredictable by @​DaniPopes in recmo/uint#537
• feat: switch to edition 2024 by @​DaniPopes in recmo/uint#538
• chore: release 1.17.0 by @​DaniPopes in recmo/uint#539

New Contributors

• @​fabian1409 made their first contribution in recmo/uint#526
• @​Pzixel made their first contribution in recmo/uint#524

Full Changelog: recmo/uint@v1.16.0...v1.17.0

v1.16.0

What's Changed

• Add Codspeed workflow by @​recmo in recmo/uint#468
• ci: update codspeed by @​DaniPopes in recmo/uint#461
• benches: reduce codspeed flakiness by @​DaniPopes in recmo/uint#470
• benches: batch codspeed routines manually by @​DaniPopes in recmo/uint#471
• perf: clean up div, cmp by @​DaniPopes in recmo/uint#464

... (truncated)

Changelog

Sourced from ruint's changelog.

[1.17.2] - 2025-12-28

Fixed

• fix(docsrs): remove doc_auto_cfg (#554)

#554: recmo/uint#554

[1.17.1] - 2025-12-26

Changed

• Added unsafe to many unstable API functions in algorithms module, and documented their conditions of use (COU). (#552)

#552: recmo/uint#552

[1.17.0] - 2025-09-24

Added

• Support for bincode 2 (#516)
• Introduce ark-ff-05 feature flag for conversion to ark-ff@0.5 types (#526)

Changed

• MSRV bumped to 1.85 (#503)
• Made *next_power_of_two and *next_multiple_of const (#533)
• Reimplemented TryFrom<f64> for Uint to speed it up, fixing edge cases and removing std requirements (#524)
• Reimplemented From<Uint> for f64 and f32 to speed it up, fixing edge cases and removing std requirements (#535)

#503: recmo/uint#503 #516: recmo/uint#516 #526: recmo/uint#526 #533: recmo/uint#533 #524: recmo/uint#524

[1.16.0] - 2025-08-04

Added

• Support rkyv (#483)
• Added bigdecimal support (#486)
• PartialEq and PartialOrd implementations for primitive integers; minor breaking change for type inference (#491)

Changed

• to_base_be and core::fmt trait implementations are available without the "alloc" feature (#488)
• Greatly improved performance across the board, mainly in: conversions, fmt, div/rem, mul, add_mod, leading_zeros

... (truncated)

Commits

• 5bd4cff Merge pull request #555 from DaniPopes/release-1.17.2
• 953a994 chore: release 1.17.2
• 9110e53 Merge pull request #554 from DaniPopes/doc_auto_cfg
• 2d242c9 fix(docsrs): remove doc_auto_cfg
• bc3fad7 Merge pull request #553 from Evalir/evalir/prestwich/rustsec-safety
• 6d82291 chore: bump version
• 51fdde2 chore: changelog
• 8090e7f chore: update unsafe function and improve documentation and safety notes
• 17c9b3e Merge pull request #544 from Evalir/evalir/prestwich-fix-codspeed
• 370e2e5 fix: crates badge
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
rooch-portal-v2.1	Ready	Preview, Comment	Jan 6, 2026 6:36pm
test-portal	Ready	Preview, Comment	Jan 6, 2026 6:36pm

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
rooch	Ignored	Preview	Jan 6, 2026 6:36pm

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/ark-ff	0.5.0	🟢 5.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/ark-ff-asm	0.5.0	🟢 5.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/ark-ff-macros	0.5.0	🟢 5.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/ark-serialize	0.5.0	🟢 5.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/ark-std	0.5.0	Unknown	Unknown
cargo/educe	0.6.0	🟢 3.6	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/enum-ordinalize	4.3.2	🟢 3.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches License 🟢 10 license file detected
cargo/enum-ordinalize-derive	4.3.2	🟢 3.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches License 🟢 10 license file detected
cargo/fastrlp	0.4.0	Unknown	Unknown
cargo/ruint	1.17.2	Unknown	Unknown

Scanned Files

• Cargo.lock