chore(deps): bump solana-client from 2.3.13 to 3.1.9 by dependabot[bot] · Pull Request #7819 · KBVE/kbve

dependabot · 2026-03-09T06:04:32Z

Bumps solana-client from 2.3.13 to 3.1.9.

Release notes

Sourced from solana-client's releases.

Release v3.1.9

This a stable release suitable for Testnet, Devnet and Mainnet Beta.

https://github.com/anza-xyz/agave/blob/v3.1/CHANGELOG.md

What's Changed

Bump version to v3.1.9 by @github-actions[bot] in anza-xyz/agave#10187

v3.1 ignore byte audit by @t-nelson in anza-xyz/agave#10391

v3.1: ci: move all agents to use the default queue (backport of #10330) by @mergify[bot] in anza-xyz/agave#10370

v3.1: ignore RUSTSEC-2026-0009 by @t-nelson in anza-xyz/agave#10526

v3.1: vote_storage: use the correct epoch to filter authorized voter (backport of #10522) by @mergify[bot] in anza-xyz/agave#10537

v3.1: bug: use try_send in handle_forwarded_packets (backport of #10498) by @mergify[bot] in anza-xyz/agave#10552

v3.1: streamer/sigverify: use bounded channels between streamers and sigver (backport of #9732) by @mergify[bot] in anza-xyz/agave#10551

v3.1: Sigverify - receive loop up to packet limit (backport of #10428) by @mergify[bot] in anza-xyz/agave#10521

v3.1: accounts-db: Reduce read-only cache lock contention (backport of #10641) by @mergify[bot] in anza-xyz/agave#10645

v3.1: accounts-db: Use SmallRng for LRU eviction sampling (backport of #10640) by @mergify[bot] in anza-xyz/agave#10644

v3.1: Switch from UnsafeCell<Box<[ITEM]>> to Box<[UnsafeCell<ITEM>]> in transaction context (backport of #10524) by @mergify[bot] in anza-xyz/agave#10556

v3.1: consensus: axe the intermediate accumulation pathway for OC (backport of #10594) by @mergify[bot] in anza-xyz/agave#10697

Full Changelog: anza-xyz/agave@v3.1.8...v3.1.9

Release v3.1.8

This a stable release suitable for Testnet, Devnet and Mainnet Beta.

https://github.com/anza-xyz/agave/blob/v3.1/CHANGELOG.md

What's Changed

Bump version to v3.1.8 by @github-actions[bot] in anza-xyz/agave#10107

v3.1: Enabling snapshot generation when loading from ledger tool (backport of #10064) by @mergify[bot] in anza-xyz/agave#10123

v3.1: Raise Entry's VersionedTransaction preallocation limit (backport of #10179) by @mergify[bot] in anza-xyz/agave#10182

Full Changelog: anza-xyz/agave@v3.1.7...v3.1.8

Release v3.1.7

This is a Testnet release. It is also recommended for Devnet, and up to 10% of Mainnet Beta.

https://github.com/anza-xyz/agave/blob/v3.1/CHANGELOG.md

What's Changed

v3.1: svm: properly test underfunded nonce fee-payer (backport of #9246) by @mergify[bot] in anza-xyz/agave#9849

Bump version to v3.1.7 by @github-actions[bot] in anza-xyz/agave#9920

v3.1: fix: genesis: feature-gated vote state (backport of #9467) by @mergify[bot] in anza-xyz/agave#9879

v3.1: Track congestion events in tpu-client-next stats (backport of #8816) by @mergify[bot] in anza-xyz/agave#9956

v3.1: Add WFSM stake metric (backport of #9803) by @mergify[bot] in anza-xyz/agave#10035

v3.1: runtime: Relax program data account check in migration (backport of #9891) by @mergify[bot] in anza-xyz/agave#9998

v3.1: runtime: Rekey p-token feature gate (backport of #9979) by @mergify[bot] in anza-xyz/agave#10015

v3.1: svm: build NonceInfo during transaction processing (backport of #9455) by @mergify[bot] in anza-xyz/agave#9756

... (truncated)

Changelog

Sourced from solana-client's changelog.

Changelog

All notable changes to this project will be documented in this file.

Please follow the guidance at the bottom of this file when making changes The format is based on Keep a Changelog. This project adheres to Semantic Versioning and follows a Backwards Compatibility Policy

Release channels have their own copy of this changelog:

edge - v4.1

beta - v4.0

stable - v3.1

4.1.0-Unreleased

RPC

Breaking

Changes

Validator

Breaking

Deprecations

Using minimal for --accounts-index-limit is now deprecated.

Changes

4.0.0

RPC

Breaking

--public-tpu-address and --public-tpu-forwards-address CLI arguments and setPublicTpuForwardsAddress, setPublicTpuAddress RPC methods now specify QUIC ports, not UDP.

Changes

Added --enable-scheduler-bindings which binds an IPC server at <ledger-path>/scheduler_bindings.ipc for external schedulers to connect to.

Added clientId field to each node in getClusterNodes response

Validator

Breaking

Removed deprecated arguments

--accounts-db-clean-threads

--accounts-db-hash-threads

--accounts-db-read-cache-limit-mb

--accounts-hash-cache-path

--disable-accounts-disk-index

--dev-halt-at-slot

--monitor (exit subcommand)

--wait-for-exit (exit subcommand)

--tpu-disable-quic

--tpu-enable-udp

--block-verification-method blockstore-processor is no longer supported. Remove the argument or switch to --block-verification-method unified-scheduler instead.

Removed support for ingestion of transactions via UDP. QUIC is now the only option.

All monorepo crates falling outside the backward compatibility policy are now part of the Agave Unstable API and their symbols have been made private. Enable the

... (truncated)

Commits

765ee54 v3.1: consensus: axe the intermediate accumulation pathway for OC (backport o...
ba0d1f8 v3.1: Switch from UnsafeCell\<Box<[ITEM]>> to Box\<[UnsafeCell<ITEM>]> in t...
7018f4a v3.1: accounts-db: Use SmallRng for LRU eviction sampling (backport of #106...
e9b827f v3.1: accounts-db: Reduce read-only cache lock contention (backport of #10641...
eed17d6 v3.1: Sigverify - receive loop up to packet limit (backport of #10428) (#10521)
46a35ec v3.1: streamer/sigverify: use bounded channels between streamers and sigver (...
2941257 v3.1: bug: use try_send in handle_forwarded_packets (backport of #10498) (#10...
d11da4c v3.1: vote_storage: use the correct epoch to filter authorized voter (backpor...
01a77c7 v3.1: ignore RUSTSEC-2026-0009 (#10526)
5dcb50f v3.1: ci: move all agents to use the default queue (backport of #10330) (#10370)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions · 2026-03-09T06:05:05Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.
⚠️ 4 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

packages/rust/soul/Cargo.toml

Package	Version	License	Issue Type
solana-client	>= 3.1.9, < 4.0.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

cargo/Inflector

0.11.4

Unknown

cargo/aead

0.5.2

🟢 5.4

Details

Check	Score	Reason
Code-Review	🟢 4	Found 13/29 approved changesets -- score normalized to 4
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/aes

0.8.4

🟢 3.8

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/30 approved changesets -- score normalized to 3
Maintained	🟢 10	18 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Fuzzing	⚠️ 0	project is not fuzzed
License	⚠️ 0	license file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/aes-gcm-siv

0.11.1

🟢 4.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 4/19 approved changesets -- score normalized to 2
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	29 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	⚠️ 0	license file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/agave-feature-set

3.1.9

Unknown

cargo/ascii

0.9.3

🟢 3.3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 5	Found 6/12 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/cipher

0.4.4

🟢 5.4

Details

Check	Score	Reason
Code-Review	🟢 4	Found 13/29 approved changesets -- score normalized to 4
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/combine

3.8.1

🟢 3.8

Details

Check	Score	Reason
Code-Review	🟢 3	Found 6/19 approved changesets -- score normalized to 3
Maintained	🟢 3	4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/console

0.16.2

Unknown

cargo/ctr

0.9.2

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	🟢 10	14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/five8

1.0.0

Unknown

cargo/five8_const

1.0.0

Unknown

cargo/five8_core

1.0.0

Unknown

cargo/indicatif

0.18.4

Unknown

cargo/inout

0.1.4

🟢 4.6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 1	Found 5/28 approved changesets -- score normalized to 1
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/merlin

3.0.0

⚠️ 2.8

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 0/29 approved changesets -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/pastey

0.2.1

Unknown

cargo/polyval

0.6.2

🟢 4.6

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 1	Found 4/29 approved changesets -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/rustc-demangle

0.1.27

Unknown

cargo/sha2-const-stable

0.1.0

⚠️ 2.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 1	Found 1/9 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/solana-account

3.4.0

Unknown

cargo/solana-account-decoder

3.1.9

Unknown

cargo/solana-account-decoder-client-types

3.1.9

Unknown

cargo/solana-account-info

3.1.0

Unknown

cargo/solana-address

1.1.0

Unknown

cargo/solana-address

2.2.0

Unknown

cargo/solana-address-lookup-table-interface

3.0.1

Unknown

cargo/solana-atomic-u64

3.0.1

Unknown

cargo/solana-borsh

3.0.1

Unknown

cargo/solana-client

3.1.9

Unknown

cargo/solana-client-traits

3.0.0

Unknown

cargo/solana-clock

3.0.1

Unknown

cargo/solana-cluster-type

3.1.0

Unknown

cargo/solana-commitment-config

3.1.1

Unknown

cargo/solana-config-interface

2.0.0

Unknown

cargo/solana-connection-cache

3.1.9

Unknown

cargo/solana-cpi

3.1.0

Unknown

cargo/solana-curve25519

3.1.9

Unknown

cargo/solana-define-syscall

3.0.0

Unknown

cargo/solana-define-syscall

4.0.1

Unknown

cargo/solana-define-syscall

5.0.0

Unknown

cargo/solana-derivation-path

3.0.0

Unknown

cargo/solana-epoch-info

3.1.0

Unknown

cargo/solana-epoch-rewards

3.0.1

Unknown

cargo/solana-epoch-schedule

3.0.0

Unknown

cargo/solana-feature-gate-interface

3.1.0

Unknown

cargo/solana-fee-calculator

3.1.0

Unknown

cargo/solana-hash

3.1.0

Unknown

cargo/solana-hash

4.2.0

Unknown

cargo/solana-inflation

3.0.0

Unknown

cargo/solana-instruction

3.2.0

Unknown

cargo/solana-instruction-error

2.2.0

Unknown

cargo/solana-instructions-sysvar

3.0.0

Unknown

cargo/solana-keypair

3.1.2

Unknown

cargo/solana-last-restart-slot

3.0.0

Unknown

cargo/solana-loader-v3-interface

6.1.0

Unknown

cargo/solana-measure

3.1.9

Unknown

cargo/solana-message

3.1.0

Unknown

cargo/solana-metrics

3.1.9

Unknown

cargo/solana-msg

3.1.0

Unknown

cargo/solana-net-utils

3.1.9

Unknown

cargo/solana-nonce

3.1.0

Unknown

cargo/solana-packet

3.0.0

Unknown

cargo/solana-perf

3.1.9

Unknown

cargo/solana-program-entrypoint

3.1.1

Unknown

cargo/solana-program-error

3.0.0

Unknown

cargo/solana-program-memory

3.1.0

Unknown

cargo/solana-program-option

3.0.1

Unknown

cargo/solana-program-pack

3.1.0

Unknown

cargo/solana-pubkey

3.0.0

Unknown

cargo/solana-pubkey

4.1.0

Unknown

cargo/solana-pubsub-client

3.1.9

Unknown

cargo/solana-quic-client

3.1.9

Unknown

cargo/solana-quic-definitions

3.0.0

Unknown

cargo/solana-rayon-threadlimit

3.1.9

Unknown

cargo/solana-rent

3.1.0

Unknown

cargo/solana-reward-info

3.0.0

Unknown

cargo/solana-rpc-client

3.1.9

Unknown

cargo/solana-rpc-client-api

3.1.9

Unknown

cargo/solana-rpc-client-nonce-utils

3.1.9

Unknown

cargo/solana-rpc-client-types

3.1.9

Unknown

cargo/solana-sanitize

3.0.1

Unknown

cargo/solana-sbpf

0.13.1

Unknown

cargo/solana-sdk-ids

3.1.0

Unknown

cargo/solana-sdk-macro

3.0.1

Unknown

cargo/solana-seed-derivable

3.0.0

Unknown

cargo/solana-seed-phrase

3.0.0

Unknown

cargo/solana-serde

3.0.0

Unknown

cargo/solana-serde-varint

3.0.1

Unknown

cargo/solana-serialize-utils

3.1.1

Unknown

cargo/solana-sha256-hasher

3.1.0

Unknown

cargo/solana-short-vec

3.2.0

Unknown

cargo/solana-signature

3.3.0

Unknown

cargo/solana-signer

3.0.0

Unknown

cargo/solana-slot-hashes

3.0.1

Unknown

cargo/solana-slot-history

3.0.0

Unknown

cargo/solana-stable-layout

3.0.1

Unknown

cargo/solana-stake-interface

2.0.2

Unknown

cargo/solana-streamer

3.1.9

Unknown

cargo/solana-svm-feature-set

3.1.9

Unknown

cargo/solana-svm-type-overrides

3.1.9

Unknown

cargo/solana-system-interface

2.0.0

Unknown

cargo/solana-sysvar

3.1.1

Unknown

cargo/solana-sysvar-id

3.1.0

Unknown

cargo/solana-time-utils

3.0.0

Unknown

cargo/solana-tls-utils

3.1.9

Unknown

cargo/solana-tpu-client

3.1.9

Unknown

cargo/solana-transaction

3.1.0

Unknown

cargo/solana-transaction-context

3.1.9

Unknown

cargo/solana-transaction-error

3.1.0

Unknown

cargo/solana-transaction-metrics-tracker

3.1.9

Unknown

cargo/solana-transaction-status-client-types

3.1.9

Unknown

cargo/solana-udp-client

3.1.9

Unknown

cargo/solana-version

3.1.9

Unknown

cargo/solana-vote-interface

4.0.4

Unknown

cargo/solana-zk-sdk

4.0.0

Unknown

cargo/spl-discriminator

0.5.1

Unknown

cargo/spl-discriminator-derive

0.2.0

🟢 3.6

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Code-Review	⚠️ 0	Found 0/3 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	project is archived
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 8	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/spl-discriminator-syn

0.2.1

Unknown

cargo/spl-generic-token

2.0.1

Unknown

cargo/spl-pod

0.7.2

Unknown

cargo/spl-token-2022-interface

2.1.0

Unknown

cargo/spl-token-confidential-transfer-proof-extraction

0.5.1

Unknown

cargo/spl-token-confidential-transfer-proof-generation

0.5.1

Unknown

cargo/spl-token-group-interface

0.7.1

Unknown

cargo/spl-token-interface

2.0.0

Unknown

cargo/spl-token-metadata-interface

0.8.0

Unknown

cargo/spl-type-length-value

0.9.0

Unknown

cargo/unit-prefix

0.5.2

Unknown

cargo/universal-hash

0.5.1

🟢 5.4

Details

Check	Score	Reason
Code-Review	🟢 4	Found 13/29 approved changesets -- score normalized to 4
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	⚠️ 0	license file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/unreachable

1.0.0

⚠️ 2.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 3/13 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/void

1.0.2

⚠️ 2.3

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 2	Found 6/25 approved changesets -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

cargo/wincode

0.4.5

Unknown

cargo/wincode-derive

0.4.3

Unknown

cargo/solana-client

>= 3.1.9, < 4.0.0

Unknown

Scanned Files

Cargo.lock
packages/rust/soul/Cargo.toml

Bumps [solana-client](https://github.com/anza-xyz/agave) from 2.3.13 to 3.1.9. - [Release notes](https://github.com/anza-xyz/agave/releases) - [Changelog](https://github.com/anza-xyz/agave/blob/master/CHANGELOG.md) - [Commits](anza-xyz/agave@v2.3.13...v3.1.9) --- updated-dependencies: - dependency-name: solana-client dependency-version: 3.1.9 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file rust Rust language related security Security update This issue is for an update or upgrade. labels Mar 9, 2026

dependabot bot force-pushed the dependabot/cargo/dev/solana-client-3.1.9 branch from 3f86040 to 97aecf9 Compare March 9, 2026 07:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump solana-client from 2.3.13 to 3.1.9#7819

chore(deps): bump solana-client from 2.3.13 to 3.1.9#7819
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/cargo/dev/solana-client-3.1.9

dependabot bot commented on behalf of github Mar 9, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Mar 9, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release v3.1.9

What's Changed

Release v3.1.8

What's Changed

Release v3.1.7

What's Changed

Changelog

4.1.0-Unreleased

RPC

Breaking

Changes

Validator

Breaking

Deprecations

Changes

4.0.0

RPC

Breaking

Changes

Validator

Breaking

Uh oh!

github-actions bot commented Mar 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

License Issues

packages/rust/soul/Cargo.toml

OpenSSF Scorecard

Scanned Files

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 9, 2026 •

edited

Loading

github-actions bot commented Mar 9, 2026 •

edited

Loading