build(deps): bump alloy-dyn-abi from 1.4.0 to 1.4.1

[dependabot]

Bumps alloy-dyn-abi from 1.4.0 to 1.4.1.

Release notes

Sourced from alloy-dyn-abi's releases.

alloy-core v1.4.1

Security

Patched: DoS vulnerability on alloy_dyn_abi::TypedData hashing

An uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash().

Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible.

The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26.

See: GHSA-pgp9-98jm-wwq2

What's Changed

• chore: remove feature(doc_auto_cfg) by @​DaniPopes in alloy-rs/core#1019
• feat(primitives): Add Borsh support for TxKind by @​mablr in alloy-rs/core#1022
• feat: Add Sqlx Traits for Bytes Type by @​Arvmor in alloy-rs/core#1020
• chore: fix docs, typos by @​DaniPopes in alloy-rs/core#1023
• feat(sol-macro): add transient storage keyword support by @​AurelienFT in alloy-rs/core#1026
• feat: gate 60 tuple impls behind 'more-tuple-impls' feature flag by @​DaniPopes in alloy-rs/core#1027
• chore: remove some inlines by @​DaniPopes in alloy-rs/core#1028
• refactor(dyn-abi): clean up Resolver by @​DaniPopes in alloy-rs/core#1030

New Contributors

• @​AurelienFT made their first contribution in alloy-rs/core#1026

Full Changelog: alloy-rs/core@v1.4.0...v1.4.1

Changelog

Sourced from alloy-dyn-abi's changelog.

1.4.1 - 2025-10-14

Features

• Gate 60 tuple impls behind 'more-tuple-impls' feature flag (#1027)
• [sol-macro] Add transient storage keyword support (#1026)
• Add Sqlx Traits for Bytes Type (#1020)
• [primitives] Add Borsh support for TxKind (#1022)

Miscellaneous Tasks

• Remove some inlines (#1028)
• Fix docs, typos (#1023)
• Remove feature(doc_auto_cfg) (#1019)

Other

• Merge commit from fork

Refactor

• [dyn-abi] Clean up Resolver (#1030)

Commits

• f7d4a85 chore: release 1.4.1
• 5ac01fa refactor(dyn-abi): clean up Resolver (#1030)
• 7823e9a Merge commit from fork
• baa341c chore: remove some inlines (#1028)
• 2ce9079 feat: gate 60 tuple impls behind 'more-tuple-impls' feature flag (#1027)
• 6893986 feat(sol-macro): add transient storage keyword support (#1026)
• bce535b chore: fix docs, typos (#1023)
• 534c90e feat: Add Sqlx Traits for Bytes Type (#1020)
• 4403ac8 feat(primitives): Add Borsh support for TxKind (#1022)
• a71f93a chore: remove feature(doc_auto_cfg) (#1019)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Chores
  • Configured Dependabot to group Alloy-related Rust dependency updates under a single group, reducing PR noise and simplifying update reviews.
  • Existing dependency groups remain unchanged for other ecosystems and packages.
  • No impact on runtime behavior or user-facing features.

[coderabbitai]

Walkthrough

Added a new Dependabot group named alloy under the cargo ecosystem with patterns "alloy" and "alloy-*". Existing cargo groups (worker, leptos, patch-versions) and other ecosystems (GitHub Actions, npm) remain unchanged.

Changes

Cohort / File(s)	Change Summary
Dependabot config \.github/dependabot.yml	Added cargo group "alloy" with patterns "alloy" and "alloy-*"; no other groups modified.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Suggested reviewers

• sudo-shashank

Poem

Hop hop! A new group springs to light,
Alloy bundles updates tight.
Rusty crates in tidy rows,
Dependabot knows where it goes.
Carrots queued, PRs aligned—
Merge-time nibble, peace of mind. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly summarizes the primary change of bumping the alloy-dyn-abi dependency from version 1.4.0 to 1.4.1 and follows a concise, conventional format without extraneous details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/cargo/alloy-dyn-abi-1.4.1

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fcdff01 and cdb3a75.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• .github/dependabot.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: codedov
• GitHub Check: lint
• GitHub Check: deploy
• GitHub Check: e2e

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 39.03%. Comparing base (fcdff01) to head (cdb3a75).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #331   +/-   ##
=======================================
  Coverage   39.03%   39.03%           
=======================================
  Files          40       40           
  Lines        2559     2559           
=======================================
  Hits          999      999           
  Misses       1560     1560           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.