build(deps): bump wasmtime from 41.0.4 to 43.0.0

[dependabot]

Bumps wasmtime from 41.0.4 to 43.0.0.

Release notes

Sourced from wasmtime's releases.

v43.0.0

43.0.0

Released 2026-03-20.

Added

• Wasmtime now supports the WASIp3 snapshot 0.3.0-rc-2026-03-15. #12557

• The number of frames captured in backtrace collection can now be configured. #12542

• Wasmtime now supports fine-grained operator cost configuration for when fuel is enabled. #12541

• Configuring the gc_support option is now possible through the C API. #12630

• Configuring the concurrency_support option is now possible through the C API. #12703

• Debugging-related APIs have been added to access all modules and instances on a store. #12637

• All store entities now expose a "unique ID" for debugging purposes. #12645

• Cranelift's x64 backend now supports the cls instruction for all integer types. #12644

Changed

• Internal refactoring and support necessary for handling OOM gracefully throughout the runtime is proceeding apace. New APIs such as FuncType::try_new are available in addition to many internal changes. #12530 #12537 (... and many more ...)

• Wasmtime's representation of stack frames in the debugging API no longer borrows the store itself and is instead represented as a handle. #12566

• Wasmtime now unconditionally sets SO_REUSEADDR for guest-bound sockets. #12597

... (truncated)

Changelog

Sourced from wasmtime's changelog.

44.0.0

Unreleased.

Added

Changed

---

Release notes for previous releases of Wasmtime can be found on the respective release branches of the Wasmtime repository.

• 43.0.x
• 42.0.x
• 41.0.x
• 40.0.x
• 39.0.x
• 38.0.x
• 37.0.x
• 36.0.x
• 35.0.x
• 34.0.x
• 33.0.x
• 32.0.x
• 31.0.x
• 30.0.x
• 29.0.x
• 28.0.x
• 27.0.x
• 26.0.x
• 25.0.x
• 24.0.x
• 23.0.x
• 22.0.x
• 21.0.x
• 20.0.x
• 19.0.x
• 18.0.x
• 17.0.x
• 16.0.x
• 15.0.x
• 14.0.x
• 13.0.x
• 12.0.x
• 11.0.x
• 10.0.x
• 9.0.x
• 8.0.x

... (truncated)

Commits

• be23469 Release Wasmtime 43.0.0 (#12806)
• d225583 cm-async: Fix cancelling a completed host task (#12797) (#12801)
• b0dc282 [43.0.0] A few more backports (#12795)
• 51ec9db WASIP3 update to latest rc (#12781) (#12786)
• e7e3996 [43.0.0] Add release notes (#12770)
• 4b24669 [43.0.0] Backport fixes, refactorings, and updates to wasip3 limits (#12769)
• dc7a322 Make serde an optional dependency in wasmtime-core (#12739) (#12752)
• d8e213f Rename our OOM-handling String to TryString (#12720)
• 7a4f53a Fix build without wat feature. (#12706)
• 58877f2 Fix the current guest task when calling realloc (#12718)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[jaberjaber23]

Needs testing before merge. This is a major wasmtime jump (41 -> 43) with significant internal restructuring — new wasmtime-internal-core crate, hashbrown 0.15->0.16, gimli 0.32->0.33, regalloc2 0.13->0.15, object 0.37->0.38, and pulley-interpreter 41->43. The WASM sandbox is a security boundary — please run the full cargo test --workspace and verify WASM agent isolation still works correctly before merging.

[jaberjaber23]

Superseded by #1041, which does the same wasmtime 41→43 bump and the required downstream fixes in sandbox.rs + rumqttc 0.24→0.25 with use-native-tls (Dependabot only updated the Cargo manifests, leaving wasmtime-43 API-break fallout red across Check/Test/Clippy). Closing in favor of #1041. Thanks @dependabot.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.