Bump fvm version

[LesnyRumcajs]

Summary of changes

Changes introduced in this pull request:

• update FVMs (and other deps)
• removed advisory suppression for wasmtime (the updated FVMs now use wasmtime 36)

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Summary by CodeRabbit

• Chores
  • Updated security advisory configuration to enforce stricter validation of project dependencies by removing exceptions from the ignore list.

[coderabbitai]

Walkthrough

The PR removes two Rust security advisory entries (RUSTSEC-2025-0046 and RUSTSEC-2025-0118) from the ignore list in the deny.toml advisory filtering configuration, allowing these advisories to be flagged by the dependency auditing tool.

Changes

Cohort / File(s)	Summary
Dependency advisory configuration deny.toml	Removed entries for RUSTSEC-2025-0046 and RUSTSEC-2025-0118 from the [advisories] ignore list

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• fix: ignore RUSTSEC-2025-0118 (wasmtime in FVM) #6247: Modifies the same advisory entry (RUSTSEC-2025-0118) in deny.toml—one PR removes it from the ignore list while the other manages it differently.

Suggested labels

dependencies

Suggested reviewers

• hanabi1224
• sudo-shashank
• elmattic

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Bump fvm version' is vague and generic. While it references FVM, the actual changes involve removing advisory suppressions from deny.toml (RUSTSEC-2025-0046 and RUSTSEC-2025-0118), not just bumping FVM versions.	Clarify the title to accurately reflect the main change. Consider: 'Remove wasmtime advisory suppressions from deny.toml' or 'Update FVM and remove advisory suppressions for wasmtime 36'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bump-fvm-version

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e8f322b and 27e2e24.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• deny.toml (0 hunks)

💤 Files with no reviewable changes (1)

• deny.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: cargo-publish-dry-run
• GitHub Check: Build Ubuntu
• GitHub Check: Build MacOS
• GitHub Check: tests
• GitHub Check: tests-release
• GitHub Check: All lint checks
• GitHub Check: Build forest binaries on Linux AMD64

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}