build(deps): bump wasmtime-wasi from 44.0.2 to 45.0.1

[dependabot]

Bumps wasmtime-wasi from 44.0.2 to 45.0.1.

Release notes

Sourced from wasmtime-wasi's releases.

v45.0.1

45.0.1

Released 2026-06-05.

Fixed

• Fixed regression with WASIp2 zero-delay clocks/timers: allow repeat calls to .ready() to make progress. #13511

v45.0.0

45.0.0

Released 2026-05-21.

Added

• Winch now respects the enable_nan_canonicalization setting. #12939

• Initial support for invoking component functions asynchronously has been added to the C API. #12973

• Cranelift's s390x backend implements more instructions from z17 and also implements more CLIF arithmetic overflow instructions. #12523 #12707

• Wasmtime's support for handling OOM in more APIs has expanded and is now documented as well. #12993 #12988 #13017 #13047 #13049 #13051 #13074 #13083 #13088 #13224

• The Component type now offers reflection APIs over the compiled in-memory view of instructions in the same manner Module does. #13073

• The wasmtime CLI now has a hot-blocks subcommand to explore a perf-recorded output and show hot basic blocks of WebAssembly instructions. #13077

... (truncated)

Changelog

Sourced from wasmtime-wasi's changelog.

45.0.1

Released 2026-06-05.

Fixed

• Fixed regression with WASIp2 zero-delay clocks/timers: allow repeat calls to .ready() to make progress. #13511

---

45.0.0

Released 2026-05-21.

Added

• Winch now respects the enable_nan_canonicalization setting. #12939

• Initial support for invoking component functions asynchronously has been added to the C API. #12973

• Cranelift's s390x backend implements more instructions from z17 and also implements more CLIF arithmetic overflow instructions. #12523 #12707

• Wasmtime's support for handling OOM in more APIs has expanded and is now documented as well. #12993 #12988 #13017 #13047 #13049 #13051 #13074 #13083 #13088 #13224

• The Component type now offers reflection APIs over the compiled in-memory view of instructions in the same manner Module does. #13073

• The wasmtime CLI now has a hot-blocks subcommand to explore a perf-recorded output and show hot basic blocks of WebAssembly instructions. #13077

... (truncated)

Commits

• 83166ba Release Wasmtime 45.0.1 (#13567)
• 83371d9 Suggesting v45.0.1 cherry-pick for zero-delay timers (#13559)
• 377cd91 Release Wasmtime 45.0.0 (#13416)
• 1eb2c19 release-45.0.0: Fix wasmtime-wasi path_open(TRUNCATE) bypass of FilePerms::WR...
• 49b2aa8 Add release notes (#13328)
• 52e14e8 Fix the version bump workflow (#13275)
• 8bdb373 gc_fuzz: Struct fields (#13101)
• e3e5aa6 Refactor how inlining is configured in Wasmtime (#13250)
• 85ae784 Fix slow WASI stdin reads by passing size hint to worker thread (#13256)
• 57ed7db s390x: correct off-by-one error in rotate then select insts (#13262)
• Additional commits viewable in compare view

---

^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[greptile-apps]

Greptile Summary

This dependabot PR bumps wasmtime-wasi from 44.0.2 to 45.0.1, pulling in a security fix for a path_open(TRUNCATE) bypass of FilePerms::WRITE (v45.0.0) and a WASIp2 zero-delay timer regression fix (v45.0.1). The wasmtime core crate in Cargo.toml is not bumped in this PR and remains at "44".

• The Cargo.lock gains a full parallel set of wasmtime/cranelift 45.x crates alongside the existing 44.x tree, and consolidates rustix from two versions down to one while updating windows-sys to 0.61.2.
• The path_open(TRUNCATE) security fix (commit 1eb2c19) patches a guest-visible permission bypass in WASI file operations that was present in all 44.x releases.

Confidence Score: 3/5

Not safe to merge as-is: the wasmtime core crate is still pinned to "44" while wasmtime-wasi is now at "45", leaving both major versions in the dependency graph simultaneously.

The wasmtime and wasmtime-wasi crates share types (Store, Linker, Engine) across their public API boundary; mixing a 44.x host with a 45.x WASI implementation will produce compile-time type errors at every call site that passes those types into wasmtime-wasi functions. The Cargo.lock confirms both 44.x and 45.x cranelift/wasmtime trees are now present. The wasmtime pin in Cargo.toml must be bumped to "45" before this can land.

Cargo.toml — the wasmtime version constraint must be updated alongside wasmtime-wasi.

Important Files Changed

Filename	Overview
Cargo.toml	Bumps wasmtime-wasi from "44" to "45"; wasmtime core remains at "44", creating a cross-version dependency pair in the lock file
Cargo.lock	Adds a full parallel set of wasmtime/cranelift 45.x crates alongside the existing 44.x tree; also consolidates rustix to a single version and bumps windows-sys to 0.61.2

_{Reviews (5): Last reviewed commit: "build(deps): bump wasmtime-wasi from 44...." | Re-trigger Greptile}

[greptile-apps]

Version mismatch between wasmtime and wasmtime-wasi

wasmtime is still pinned to "44" while wasmtime-wasi is bumped to "45". The Cargo.lock confirms both wasmtime 44.0.2 and wasmtime 45.0.0 are now present in the graph simultaneously. Because Rust treats them as entirely separate crates, any API boundary where the workspace passes a wasmtime 44 type (Store, Linker, Engine, etc.) into a wasmtime-wasi 45 function — which expects the corresponding wasmtime 45 types — will produce a compile-time type error. The wasmtime pin in Cargo.toml must be bumped to "45" together with wasmtime-wasi.

Suggested change

	# same wasm hash returns in ~tens of ms. SEA-378.
	"cache",
	] }
	wasmtime-wasi = { version = "44", features = ["p3"] }
	wasmtime-wasi = { version = "45", features = ["p3"] }
	wit-bindgen = { version = "0.55", default-features = false, features = [
	"macros",
	wasmtime = { version = "45", features = [

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to latest stable versions for improved compatibility and performance.

Walkthrough

This PR updates the workspace dependency wasmtime-wasi from version 44 to 45 in Cargo.toml, keeping the p3 feature enabled. No other changes.

Changes

Dependency Update

Layer / File(s)	Summary
wasmtime-wasi version bump Cargo.toml	The workspace dependency wasmtime-wasi is bumped from 44 to 45 with the p3 feature retained.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A tiny bump upon the hill,
From forty-four to forty-five with skill,
The p3 flag hops along in tune,
A tidy change beneath the moon,
I nibble logs and hum a tune.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main change: bumping the wasmtime-wasi dependency from version 44.0.2 to 45.0.1.
Description check	✅ Passed	The description is directly related to the changeset, providing detailed release notes, changelog information, and commit history for the wasmtime-wasi version upgrade.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/cargo/wasmtime-wasi-45.0.0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Cargo.toml`:
- Line 23: The workspace is pinning mismatched wasmtime versions: update the
wasmtime dependency in Cargo.toml from version 44 to 45 so it matches
wasmtime-wasi = { version = "45", features = ["p3"] }; ensure the wasmtime crate
entry (the one currently at 44) is bumped to 45 to avoid duplicate wasmtime
versions that break type compatibility (e.g., wasmtime::component::Linker used
with wasmtime_wasi::p3::add_to_linker), then run cargo update / regenerate
Cargo.lock to ensure a single wasmtime 45.x is used across crates (including
crates/seal-runtime).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 50a6358f-ea44-4f20-880a-3313d4e8aff5

📥 Commits

Reviewing files that changed from the base of the PR and between f8049ee and 22e64b1.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• Cargo.toml

[coderabbitai]

♻️ Duplicate comments (1)

Cargo.toml (1)

23-23: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Version skew: wasmtime-wasi 45 requires wasmtime 45 (still unresolved).

This change bumps wasmtime-wasi to version 45, but wasmtime remains pinned at version 44 on line 14. As noted in the previous review, wasmtime-wasi 45.0.1 depends on wasmtime 45.0.1, which will introduce both wasmtime 44.x and 45.x into the dependency graph. Types like wasmtime::component::Linker (used in crates/seal-runtime/src/engine/runtime.rs with wasmtime_wasi::p3::add_to_linker) must originate from the same wasmtime version to avoid compilation failure or broken type contracts.

Line 14 must be updated to wasmtime = { version = "45", ... } in this same PR.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Cargo.toml` at line 23, Update Cargo.toml to keep wasmtime and wasmtime-wasi
versions in sync: change the wasmtime dependency (currently pinned to 44) to
version "45" so wasmtime = { version = "45", ... } matches wasmtime-wasi = {
version = "45", features = ["p3"] }; this avoids mixed versions and the
resulting type mismatch for types like wasmtime::component::Linker used
alongside wasmtime_wasi::p3::add_to_linker (see
crates/seal-runtime/src/engine/runtime.rs) — ensure any feature flags or
optional fields on the wasmtime entry are preserved when bumping the version.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@Cargo.toml`:
- Line 23: Update Cargo.toml to keep wasmtime and wasmtime-wasi versions in
sync: change the wasmtime dependency (currently pinned to 44) to version "45" so
wasmtime = { version = "45", ... } matches wasmtime-wasi = { version = "45",
features = ["p3"] }; this avoids mixed versions and the resulting type mismatch
for types like wasmtime::component::Linker used alongside
wasmtime_wasi::p3::add_to_linker (see crates/seal-runtime/src/engine/runtime.rs)
— ensure any feature flags or optional fields on the wasmtime entry are
preserved when bumping the version.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c45f583d-0a5a-4e9b-b53c-4cfbe8902ff9

📥 Commits

Reviewing files that changed from the base of the PR and between 22e64b1 and 83f15d8.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• Cargo.toml

[dependabot]

Superseded by #539.