chore(deps): update rust crate anyhow to v1.0.103 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
anyhow	dependencies	patch	1.0.86 → 1.0.103
anyhow	dependencies	patch	1.0.97 → 1.0.103
anyhow	dependencies	patch	1.0.102 → 1.0.103
anyhow	dependencies	patch	1.0.98 → 1.0.103

---

Unsoundness in Error::downcast_mut()

RUSTSEC-2026-0190

More information

Details

Affected versions of this crate violate borrow rules, resulting in undefined behavior, when the user adds context to an error via Error::context and then later calls Error::downcast_mut on the returned Error.

The flaw was corrected in commit 6e8c000 by revising how the mutable reference is constructed, avoiding inclusion of a shared reference in the resulting borrow chain.

Example

use anyhow::Error;
use std::fmt;

#[derive(Debug)]
struct ErrorContext(&'static str);

impl fmt::Display for ErrorContext {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        fmt::Display::fmt(&self.0, f)
    }
}

fn main() {
    let mut error = Error::msg("inner error").context(ErrorContext("old context"));
    let context: &mut ErrorContext = error.downcast_mut().unwrap();
    context.0 = "new context";
    println!("{:?}", error);
}

Miri output

error: Undefined Behavior: trying to retag from <1538> for Unique permission at alloc602[0x38], but that tag only grants SharedReadOnly permission for this location
   --> src/ptr.rs:170:18
    |
170 |         unsafe { &mut *self.ptr.as_ptr() }
    |                  ^^^^^^^^^^^^^^^^^^^^^^^ this error occurs as part of retag at alloc602[0x38..0x48]
    |
    = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
    = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
help: <1538> was created by a SharedReadOnly retag at offsets [0x38..0x48]
   --> src/ptr.rs:89:18
    |
 89 |             ptr: NonNull::from(ptr),
    |                  ^^^^^^^^^^^^^^^^^^
    = note: stack backtrace:
            0: anyhow::ptr::Mut::<'_, ErrorContext>::deref_mut
                at src/ptr.rs:170:18: 170:41
            1: anyhow::error::<impl anyhow::Error>::downcast_mut::<ErrorContext>
                at src/error.rs:560:18: 560:46
            2: main
                at examples/downcast_mut.rs:15:38: 15:58

Severity

Unknown

References

• https://crates.io/crates/anyhow
• https://rustsec.org/advisories/RUSTSEC-2026-0190.html
• https://github.com/dtolnay/anyhow/issues/451

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: executor/Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path executor/Cargo.toml --package anyhow@1.0.102 --precise 1.0.103
    Updating crates.io index
error: failed to get `wasmparser` as a dependency of package `genvm v0.3.0 (/tmp/renovate/repos/github/genlayerlabs/genvm/executor)`

Caused by:
  failed to load source for dependency `wasmparser`

Caused by:
  unable to update /tmp/renovate/repos/github/genlayerlabs/genvm/executor/third-party/wasm-tools/crates/wasmparser

Caused by:
  failed to read `/tmp/renovate/repos/github/genlayerlabs/genvm/executor/third-party/wasm-tools/crates/wasmparser/Cargo.toml`

Caused by:
  No such file or directory (os error 2)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

👋 This PR targeted main, so I've retargeted it to the latest dev branch v0.3-dev.

main is protected and is only an alias of the latest release branch (v0.3-dev), kept in lockstep automatically. Active v0.3 work lands on v0.3-dev, which reaches v0.3.x through the standing release-gate PR once the cross-repo E2E matrix is green.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.