chore(deps): bump generic-array from 0.14.7 to 1.3.5

[dependabot]

Bumps generic-array from 0.14.7 to 1.3.5.

Release notes

Sourced from generic-array's releases.

1.0.0

Changelog

Primary PR

Changelog

Sourced from generic-array's changelog.

• (unreleased)

  • Add subtle, arbitrary, bytemuck, bitvec and as-slice implementations for GenericArray.
  • Add GenericSequence::repeat for creating sequences/arrays with repeated elements.
  • Add FallibleGenericSequence with try_generate and from_fallible_iter for fallible generation of sequences/arrays.
  • Add try_fold and try_map to FunctionalSequence for fallible folding/mapping of sequences/arrays.
  • Add try_from_fallible_iter to GenericArray for fallible construction from fallible iterators.
  • Add each_ref/each_mut methods to GenericArray for creating arrays of references to the elements.

• 1.3.5

  • Fixed const_transmute not compiling between Rust versions 1.74.0 and 1.83.0. Yanked 1.3.4.

• 1.3.4

  • Significantly improve stack usage of GenericArray methods in unoptimized (-C opt-level=0) build modes.
  • Introduce the hybrid-array-0_4 feature to allow interop between generic-array 1.x and hybrid-array 0.4 versions.
  • Add ConstGenericArray type alias for easier usage with literal const usizes.
  • Implement ZeroizeOnDrop for GenericArray when T: ZeroizeOnDrop (when using the zeroize feature).

• 1.3.2

  • Introduce the compat-0_14 feature to allow interop between generic-array 1.x and 0.14 versions.

• 1.3.1

  • Lower MSRV to 1.65.0 (minimum required for GATs)
  • Make some functions const only on Rust 1.83.0 or newer, otherwise they are non-const.
  • Implement core::error::Error for LengthError on Rust 1.81.0 or newer.

• 1.3.0

  • Restrict ArrayLength to lengths representable by usize to fix soundness issues #156 (may break invalid code)
  • Flatten internal representation to improve miri performance #157
  • Use serde_core instead of serde

• 1.2.1

  • Replace doc_auto_cfg with doc_cfg #155

• 1.2.0

  • Mark more functions as const
  • Bump MSRV to 1.83.0 (reverted in generic-array 1.3.1)

• 1.1.1

  • Add Flatten and Unflatten traits for converting between nested arrays.

• 1.1.0

  • Add Remove trait that adds remove/swap_remove to GenericArray (inspired by #147)
  • Soft-deprecate internals::ArrayBuilder in favor of internals::IntrusiveArrayBuilder

• 1.0.1

  • Update faster-hex dependency
  • Mark from_iter as #[inline] to significantly improve codegen.

• 1.0.0

  • Use GATs for ArrayLength !

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[drewstone]

✅ PR Review w/ codex, claude

Approve. Non-blocking nits remain. Medium: Lockfile regen pulled in reqwest 0.13.2 as unintended transitive dependency in Cargo.lock:6525. Medium: serde feature no longer activated on generic-array 0.14.7 — verify crypto serde paths in tests in Cargo.lock:6566. Medium: serde feature dropped from generic-array 0.14 workspace-wide in crates/networking/extensions/agg-sig-gossip/Cargo.toml:61.

Recommendation	Approve (with nits) (76/100)
Findings	3 total — 🟠 3 medium
Ensemble	2 reviewers × 3 tracks
Files reviewed	3 files changed
Validator	claude
Provenance	individual reviewer outputs

---

🟠 MEDIUM (3)

• Lockfile regen pulled in reqwest 0.13.2 as unintended transitive dependency Cargo.lock:6525

  The Cargo.lock regeneration caused gcloud-sdk 0.27.4 to resolve reqwest 0.13.2 in addition to reqwest 0.12.28. The workspace now ships two major versions of reqwest (0.12 and 0.13), adding a complete duplicate HTTP client stack. x402-axum also depends on reqwest 0.13.2. This wasn't present before the lockfile regen and is unrelated to the generic-array bump. Two reqwest versions means duplicated TLS stacks, connection pools, and increased binary size. More importantly, types from reqwest 0.12 an…

• serde feature no longer activated on generic-array 0.14.7 — verify crypto serde paths in tests Cargo.lock:6566

  The dev-dependencies in agg-sig-gossip and round-based switched from enabling serde on generic-array 0.14 to 1.3. The lock file confirms generic-array 0.14.7 no longer has serde in its dependencies (only typenum, version_check, zeroize remain). This is likely correct since these crates now use generic-array 1.3.5 at runtime. However, the original comment says 'We don't use it directly, but we need to enable serde feature' — if any test code path serializes types containing GenericArray from th…

• serde feature dropped from generic-array 0.14 workspace-wide crates/networking/extensions/agg-sig-gossip/Cargo.toml:61

  The dev-dependency comment on line 60 says 'We don't use it directly, but we need to enable serde feature.' Previously this enabled serde on generic-array 0.14, which propagated via Cargo feature unification to all transitive users of generic-array 0.14 (elliptic-curve, sec1, crypto-bigint, ff, group, etc.). After this change, the Cargo.lock confirms generic-array 0.14.7 no longer carries the serde dependency — it was removed. The serde feature is now enabled on generic-array 1.3.5 instead, …

---

_{pr-reviewer v0.5.0 · review #1 · 2026-03-23T12:25:16.423120+00:00}