Commit eb043f4
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump wasmtime from 36.0.6 to 36.0.7 (#4260)
Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from
36.0.6 to 36.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bytecodealliance/wasmtime/releases">wasmtime's
releases</a>.</em></p>
<blockquote>
<h2>v36.0.7</h2>
<h2>36.0.7</h2>
<p>Released 2026-04-09.</p>
<h3>Fixed</h3>
<ul>
<li>
<p>Miscompiled guest heap access enables sandbox escape on aarch64
Cranelift.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w">GHSA-jhxm-h53p-jm7w</a></p>
</li>
<li>
<p>Wasmtime with Winch compiler backend may allow a sandbox-escaping
memory
access.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xx5w-cvp6-jv83">GHSA-xx5w-cvp6-jv83</a></p>
</li>
<li>
<p>Out-of-bounds write or crash when transcoding component model
strings.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-394w-hwhg-8vgm">GHSA-394w-hwhg-8vgm</a></p>
</li>
<li>
<p>Host panic when Winch compiler executes <code>table.fill</code>.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw">GHSA-q49f-xg75-m9xw</a></p>
</li>
<li>
<p>Wasmtime segfault or unused out-of-sandbox load with
<code>f64x2.splat</code> operator
on x86-64.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv">GHSA-qqfj-4vcm-26hv</a></p>
</li>
<li>
<p>Improperly masked return value from <code>table.grow</code> with
Winch compiler backend.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-f984-pcp8-v2p7">GHSA-f984-pcp8-v2p7</a></p>
</li>
<li>
<p>Panic when transcoding misaligned utf-16 strings.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jxhv-7h78-9775">GHSA-jxhv-7h78-9775</a></p>
</li>
<li>
<p>Panic when lifting <code>flags</code> component value.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq">GHSA-m758-wjhj-p3jq</a></p>
</li>
<li>
<p>Heap OOB read in component model UTF-16 to latin1+utf16 string
transcoding.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv">GHSA-hx6p-xpx3-jvvv</a></p>
</li>
<li>
<p>Data leakage between pooling allocator instances.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p">GHSA-6wgr-89rj-399p</a></p>
</li>
<li>
<p>Host data leakage with 64-bit tables and Winch.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m9w2-8782-2946">GHSA-m9w2-8782-2946</a></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bytecodealliance/wasmtime/blob/v36.0.7/RELEASES.md">wasmtime's
changelog</a>.</em></p>
<blockquote>
<h2>36.0.7</h2>
<p>Released 2026-04-09.</p>
<h3>Fixed</h3>
<ul>
<li>
<p>Miscompiled guest heap access enables sandbox escape on aarch64
Cranelift.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w">GHSA-jhxm-h53p-jm7w</a></p>
</li>
<li>
<p>Wasmtime with Winch compiler backend may allow a sandbox-escaping
memory
access.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xx5w-cvp6-jv83">GHSA-xx5w-cvp6-jv83</a></p>
</li>
<li>
<p>Out-of-bounds write or crash when transcoding component model
strings.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-394w-hwhg-8vgm">GHSA-394w-hwhg-8vgm</a></p>
</li>
<li>
<p>Host panic when Winch compiler executes <code>table.fill</code>.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw">GHSA-q49f-xg75-m9xw</a></p>
</li>
<li>
<p>Wasmtime segfault or unused out-of-sandbox load with
<code>f64x2.splat</code> operator
on x86-64.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv">GHSA-qqfj-4vcm-26hv</a></p>
</li>
<li>
<p>Improperly masked return value from <code>table.grow</code> with
Winch compiler backend.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-f984-pcp8-v2p7">GHSA-f984-pcp8-v2p7</a></p>
</li>
<li>
<p>Panic when transcoding misaligned utf-16 strings.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jxhv-7h78-9775">GHSA-jxhv-7h78-9775</a></p>
</li>
<li>
<p>Panic when lifting <code>flags</code> component value.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq">GHSA-m758-wjhj-p3jq</a></p>
</li>
<li>
<p>Heap OOB read in component model UTF-16 to latin1+utf16 string
transcoding.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv">GHSA-hx6p-xpx3-jvvv</a></p>
</li>
<li>
<p>Data leakage between pooling allocator instances.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p">GHSA-6wgr-89rj-399p</a></p>
</li>
<li>
<p>Host data leakage with 64-bit tables and Winch.
<a
href="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m9w2-8782-2946">GHSA-m9w2-8782-2946</a></p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/bytecodealliance/wasmtime/commit/09539085b9b514b65d5c51e2905dc38f6eb414b9"><code>0953908</code></a>
Release Wasmtime 36.0.7 (<a
href="https://redirect.github.com/bytecodealliance/wasmtime/issues/12999">#12999</a>)</li>
<li><a
href="https://github.com/bytecodealliance/wasmtime/commit/7c9130b33caa65015b17b275831be25e4fdcfe7d"><code>7c9130b</code></a>
[36.0.x] Combined backports for a 36.0.7 release (<a
href="https://redirect.github.com/bytecodealliance/wasmtime/issues/13003">#13003</a>)</li>
<li>See full diff in <a
href="https://github.com/bytecodealliance/wasmtime/compare/v36.0.6...v36.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/foundry-rs/starknet-foundry/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ddoktorski <45050160+ddoktorski@users.noreply.github.com>1 parent 6cd0543 commit eb043f4
1 file changed
Lines changed: 75 additions & 75 deletions
0 commit comments