Skip to content

chore(deps): bump act-sdk from 0.6.0 to 0.8.0#14

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/act-sdk-0.8.0
Closed

chore(deps): bump act-sdk from 0.6.0 to 0.8.0#14
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/act-sdk-0.8.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps act-sdk from 0.6.0 to 0.8.0.

Changelog

Sourced from act-sdk's changelog.

[0.8.0] - 2026-06-13

Changed

  • Adopted the WASI 0.3 (final) toolchain. The SDK now builds against wit-bindgen 0.58, and the HTTP examples target wasip3 0.7.0 (the ratified wasi:0.3.0). Breaking: components built with the SDK must bump their own wit-bindgen dependency to 0.58.
  • The tool-call macro now generates wit_bindgen::spawn_local (the function was renamed from spawn in wit-bindgen 0.58).

[0.7.1] - 2026-05-24

Added

  • include! support in #[act_component]. #[act_tool] functions can now live in separate files and be pulled into the component module via include!("path"), so large components (e.g. 100+ tools) can be split across many modules instead of one giant lib.rs. Included paths resolve relative to src/.
  • wasi:sockets capability declarations. SocketsCap now carries allow entries (host/CIDR + required ports + optional protocols, defaulting to TCP+UDP), declaring the capability ceiling for raw TCP/UDP I/O. Default protocols are omitted on serialization to keep manifest round-trips clean.

[0.7.0] - 2026-05-06

Added

  • act:sessions/session-provider macro support. wit/deps/act-sessions is bundled in the SDK; consumers symlink it like the other interfaces and add export act:sessions/session-provider@0.1.0; to their world.wit.
  • act_sdk::SessionRegistry<T> — interior-mutable id→state map for components that maintain per-session state. Allocates ids as <prefix>_<n>.
  • #[session_open] and #[session_close] markers — when both appear inside #[act_component], the macro generates the session-provider Guest impl. get-open-session-args-schema is derived from the open fn's args type via JsonSchema; open-session decodes metadata-shaped args; close-session is a sync pass-through (per WIT).
  • act_sdk::sessions::session_id_from_metadata — pulls std:session-id out of WIT metadata (CBOR-decoded).
  • New constants in act_types::constants: META_SESSION_ID, META_AGENT_ID, META_SESSION_OP, ERR_SESSION_NOT_FOUND. ActError::session_not_found helper.
  • New act_types::http wire types: OpenSessionRequest, OpenSessionResponse. error_kind_to_status now maps std:session-not-found to 404.

Migration

No breaking changes for tool-only components — the macro is opt-in

... (truncated)

Commits
  • c434929 chore(release): 0.8.0
  • 9bac4d1 feat(sdk)!: adopt WASI 0.3 final toolchain (wit-bindgen 0.58, wasip3 0.7.0)
  • 8f04c63 chore(release): 0.7.1
  • dab526a feat(macros): expand include! in #[act_component] for modular tool files
  • 41740d8 fix(act-types): skip default protocols on SocketsAllow serialize
  • 5544d85 feat(act-types): declare wasi:sockets capability shape
  • ab9c73f chore(release): 0.7.0
  • 6808ccb feat(sdk): act:sessions/session-provider macro support
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump act-sdk from 0.6.0 to 0.8.0
b76d48a 
Bumps [act-sdk](https://github.com/actcore/act-sdk-rs) from 0.6.0 to 0.8.0.
- [Changelog](https://github.com/actcore/act-sdk-rs/blob/main/CHANGELOG.md)
- [Commits](actcore/act-sdk-rs@0.6.0...0.8.0)

---
updated-dependencies:
- dependency-name: act-sdk
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedserde_json@​1.0.149 ⏵ 1.0.1508210093100100
Updatedact-sdk@​0.6.0 ⏵ 0.8.010010093100100

View full report

@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #18.

@dependabot dependabot Bot closed this Jun 22, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/act-sdk-0.8.0 branch June 22, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants