chore(deps): bump bytes from 1.10.1 to 1.11.1 in /packages/plugins/didkit-plugin-node/native in the cargo group across 1 directory

[dependabot]

Bumps the cargo group with 1 update in the /packages/plugins/didkit-plugin-node/native directory: bytes.

Updates bytes from 1.10.1 to 1.11.1

Release notes

Sourced from bytes's releases.

Bytes v1.11.1

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

Bytes v1.11.0

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Changelog

Sourced from bytes's changelog.

1.11.1 (February 3rd, 2026)

• Fix integer overflow in BytesMut::reserve

1.11.0 (November 14th, 2025)

• Bump MSRV to 1.57 (#788)

Fixed

• fix: BytesMut only reuse if src has remaining (#803)
• Specialize BytesMut::put::<Bytes> (#793)
• Reserve capacity in BytesMut::put (#794)
• Change BytesMut::remaining_mut to use isize::MAX instead of usize::MAX (#795)

Internal changes

• Guarantee address in slice() for empty slices. (#780)
• Rename Vtable::to_* -> Vtable::into_* (#776)
• Fix latest clippy warnings (#787)
• Ignore BytesMut::freeze doctest on wasm (#790)
• Move drop_fn of from_owner into vtable (#801)

Commits

• 417dccd Release bytes v1.11.1 (#820)
• d0293b0 Merge commit from fork
• a7952fb chore: prepare bytes v1.11.0 (#804)
• 60cbb77 fix: BytesMut only reuse if src has remaining (#803)
• 7ce330f Move drop_fn of from_owner into vtable (#801)
• 4b53a29 Tweak BytesMut::remaining_mut (#795)
• 016fdbd Reserve capacity in BytesMut::put (#794)
• ef7f257 Specialize BytesMut::put::<Bytes> (#793)
• 8b4f54d Ignore BytesMut::freeze doctest on wasm (#790)
• 16132ad Fix latest clippy warnings (#787)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[changeset-bot]

⚠️ No Changeset found

Latest commit: c944f6e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

👋 Hey there! It looks like you modified code, but didn't update the documentation in /docs.

If this PR introduces new features, changes APIs, or modifies behavior that users or developers need to know about, please consider updating the docs.

---

🏄 Windsurf Tip

You can ask Windsurf to help:

"Analyze the changes in this PR and update the gitbook docs in /docs accordingly."

Windsurf will review your changes and suggest appropriate documentation updates based on what was modified.

---

📚 Documentation Guide

Change Type	Doc Location
New feature/API	docs/tutorials/ or docs/how-to-guides/
SDK/API changes	docs/sdks/
New concepts	docs/core-concepts/
App UI/UX flows	docs/apps/ (LearnCard App, ScoutPass)
Internal patterns	AGENTS.md

This is an automated reminder. If no docs are needed, feel free to ignore this message.

[netlify]

✅ Deploy Preview for staging-learncardapp canceled.

Name	Link
🔨 Latest commit	c944f6e
🔍 Latest deploy log	https://app.netlify.com/projects/staging-learncardapp/deploys/69b4c6220c84120007fdcfd1

[netlify]

✅ Deploy Preview for learncarddocs canceled.

Name	Link
🔨 Latest commit	c944f6e
🔍 Latest deploy log	https://app.netlify.com/projects/learncarddocs/deploys/69b4c622d295ea0008859e8e

[gitstream-cm]

This PR is missing a Jira ticket reference in the title or description.
Please add a Jira ticket reference to the title or description of this PR.

[Custard7]

@claude please review

[claude]

Claude finished @Custard7's task —— View job

---

Code Review Complete ✅

Todo List:

• Analyze the changed files and dependency update
• Review bytes crate release notes for security/breaking changes
• Evaluate auto-approval eligibility
• Provide comprehensive review feedback

Review Summary

This is a clean dependency update for the bytes crate in the DIDKit plugin's Rust native code.

Changes:

• bytes 1.10.1 → 1.11.1 (patch version)
• Only the Cargo.lock file is modified (4 lines: version + checksum)
• No source code changes required

Security Impact:

• ✅ Important security fix: Resolves integer overflow in BytesMut::reserve
• ✅ No breaking changes
• ✅ Backward compatible improvements and bug fixes

Auto-Approval Decision: ✅ APPROVED

This PR meets all auto-approval criteria:

• Size: 4 total lines changed (well under 200 limit)
• File type: Only Cargo.lock (dependency lockfile)
• Risk level: Low risk - no high-risk files modified
• Content: Pure dependency version bump with beneficial security fixes
• No dangerous patterns: No new APIs, auth changes, or risky code

Recommendation

This is an excellent update to apply immediately. The security fix for integer overflow in BytesMut::reserve makes this update particularly valuable, and the patch version indicates no breaking changes are expected.

Note on Changeset: The missing changeset is appropriate since this only affects the native Rust dependency tree and doesn't change any JavaScript/TypeScript APIs exposed to consumers.

---

[claude]

Auto-approved: Safe dependency update with security fix