chore(deps): bump the cargo-dependencies group in /contracts with 2 updates

[dependabot]

Bumps the cargo-dependencies group in /contracts with 2 updates: soroban-sdk and rand.

Updates soroban-sdk from 21.7.7 to 26.0.1

Release notes

Sourced from soroban-sdk's releases.

26.0.1

What's Changed

Improvements

• Update docs clarifying guarantees of the Hash type (stellar/rs-soroban-sdk#1870)
• Surface env!/include! deps in contractmeta! to dep-info (stellar/rs-soroban-sdk#1872)
• Zero-copy improvement for U256 and I256 (stellar/rs-soroban-sdk#1867)

All Changes

• Set empty top-level permissions in claude-review by @​leighmcculloch in stellar/rs-soroban-sdk#1864
• Harden Claude review workflow by @​leighmcculloch in stellar/rs-soroban-sdk#1865
• Clarify guarantees for Hash by @​mootz12 in stellar/rs-soroban-sdk#1870
• Surface env!/include! deps in contractmeta! to dep-info by @​leighmcculloch in stellar/rs-soroban-sdk#1872
• Zero-copy improvement for U256 and I256 by @​dkcumming in stellar/rs-soroban-sdk#1867
• Bump version to 26.0.1 by @​github-actions[bot] in stellar/rs-soroban-sdk#1877

New Contributors

• @​dkcumming made their first contribution in stellar/rs-soroban-sdk#1867

Full Changelog: stellar/rs-soroban-sdk@v26.0.0...v26.0.1

v26.0.0

What's Changed

Breaking Changes

• Renamed assert_in_contract to debug_assert_in_contract — The assert_in_contract macro has been renamed to debug_assert_in_contract and hidden from public documentation, as it is intended for internal use only. The old name has been deprecated. (#1806)

• Removed deprecated token event format from soroban-token-sdk — The deprecated TokenUtils::events() helper, the legacy event module, and the Events wrapper have been removed. These were originally deprecated in v23. (#1822)

• Removed #[macro_export] from internal impl_bytesn_repr macro — This macro was only intended as an internal helper. Its public export has been removed. (#1829)

Deprecations

• Deprecate BLS/BN short type aliases and disambiguate Fr — bls12_381::Fr is renamed to Bls12381Fr and bn254::Fr is renamed to Bn254Fr, with the original names kept as deprecated aliases. The other BLS12-381 short aliases (G1Affine, G2Affine, Fp, Fp2) and the crypto::BnScalar re-export are also deprecated. Existing code continues to compile but will emit deprecation warnings pointing to the new names. This avoids a confusing case where a contract using bn254::Fr as a contract type would silently resolve to the BLS12-381 scalar in the spec mapping. (#1714)

New Features

• CAP-73 — Stellar Asset Contract trust() function: Enables the Stellar Asset Contract to create trustlines for classic G-accounts. The new trust() function creates an unlimited trustline for a specified address, requiring the recipient's authorization via require_auth. (#1814)

• CAP-78 — Limited TTL extensions on contract data: Introduces new TTL extension methods that allow developers to set explicit maximum limits on TTL extensions for persistent and instance storage entries. (#1807)

• CAP-79 — Muxed address strkey conversion: Adds host functions for converting between Stellar strkey format strings and muxed address objects (strkey_to_muxed_address and muxed_address_to_strkey). MuxedAddress now uses these for from_string and to_strkey. (#1745)

• CAP-80 — Additional BN254 and BLS12-381 host functions: Adds new functions for BN254 MSM, BN254 modular arithmetic, and curve membership checks for BLS12-381 and BN254. (#1745)

• CAP-82 — Checked arithmetic for 256-bit integers: Adds checked_{add, sub, mul, pow, div, rem_euclid, shl, shr} functions for 256-bit integer types. These return Option instead of trapping on overflow, allowing contracts to handle arithmetic errors gracefully. Also adds min_value and max_value helpers and == operator support for 256-bit number types. (#1801, #1823)

Improvements

... (truncated)

Commits

• f52b6aa Bump version to 26.0.1 (#1877)
• 0dd79fe Zero-copy improvement for U256 and I256 (#1867)
• 8be8f6e Surface env!/include! deps in contractmeta! to dep-info (#1872)
• 189fb6c Clarify guarantees for Hash (#1870)
• d6864d2 Harden Claude review workflow (#1865)
• b9110c9 Set empty top-level permissions in claude-review (#1864)
• e1bf74b Bump version to 26.0.0 (#1863)
• 026a1da Fix Result type generation for user-defined error enums named "Error" (#1862)
• 6b1e294 Update spec shaking v2 to keep alive subtype markers via reference (#1835)
• 568711d Document version support policy (#1855)
• Additional commits viewable in compare view

Updates rand from 0.8.6 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

[0.10.0] - 2026-02-08

Changes

• The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
• Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
• Use Edition 2024 and MSRV 1.85 (#1653)
• Let Fill be implemented for element types, not sliceable types (#1652)
• Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
• Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
• Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
• Remove Clone support for StdRng, ReseedingRng (#1677)
• Use postcard instead of bincode to test the serde feature (#1693)
• Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
• Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
• Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

• Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
• Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
• Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
• Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

• Removed ReseedingRng (#1722)
• Removed unused feature "nightly" (#1732)
• Removed feature small_rng (#1732)

#1632: rust-random/rand#1632 #1642: rust-random/rand#1642 #1649: rust-random/rand#1649 #1652: rust-random/rand#1652 #1653: rust-random/rand#1653 #1659: rust-random/rand#1659 #1665: rust-random/rand#1665 #1669: rust-random/rand#1669 #1674: rust-random/rand#1674 #1677: rust-random/rand#1677 #1693: rust-random/rand#1693 #1695: rust-random/rand#1695 #1697: rust-random/rand#1697

... (truncated)

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.