chore(deps): bump wasmtime from 39.0.1 to 40.0.0

[dependabot]

Bumps wasmtime from 39.0.1 to 40.0.0.

Release notes

Sourced from wasmtime's releases.

v40.0.0

40.0.0

Released 2025-12-20.

Added

• WASIp3 support for wasi:http now implements Response::from_http to convert from standard Rust types to WASI types. #12063

• Cranelift now supports a "patchable" ABI which has a maximum number of arguments and clobbers no registers. This is paired as well with a new patchable_call instruction which supports being turned into NOPs at runtime. #12061 #12101

Changed

• Support for the WebAssembly threads proposal is now classified as tier 2 by default. Additionally creation of SharedMemory is disabled by deafult behind a new config knob/CLI flag. #12036

• A variety of peephole-style optimizations have been added to Cranelift's optimization passes. #11994 #11995 #11996 #11997 #11998 #11999 #12000 #12006 #12008

• Component host functions have been slightly optimized to remove an Arc clone and reduce contention. #11987

• Support for component-model-async has been updated to account for the changes specified in WebAssembly/component-model#578. This means that historical binaries using WASIp3, for example, are no longer valid. Recompilation of historical components will be required and source-level changes may also be required in some circumstances. #12031 #12043

• The UnsyncBoxBody type is now used everywhere in wasmtime-wasi-http instead of just in the wasip3 support.

... (truncated)

Changelog

Sourced from wasmtime's changelog.

41.0.0

Unreleased.

Added

Changed

---

Release notes for previous releases of Wasmtime can be found on the respective release branches of the Wasmtime repository.

• 40.0.x
• 39.0.x
• 38.0.x
• 37.0.x
• 36.0.x
• 35.0.x
• 34.0.x
• 33.0.x
• 32.0.x
• 31.0.x
• 30.0.x
• 29.0.x
• 28.0.x
• 27.0.x
• 26.0.x
• 25.0.x
• 24.0.x
• 23.0.x
• 22.0.x
• 21.0.x
• 20.0.x
• 19.0.x
• 18.0.x
• 17.0.x
• 16.0.x
• 15.0.x
• 14.0.x
• 13.0.x
• 12.0.x
• 11.0.x
• 10.0.x
• 9.0.x
• 8.0.x
• 7.0.x
• 6.0.x
• 5.0.x

... (truncated)

Commits

• 0807b00 Release Wasmtime 40.0.0 (#12192)
• fadd22a [40.0.0] trap on blocking call in sync task before return (#12144)
• c242041 Add release notes (#12132)
• ac3358b Fix various broken links in docs. (#12125)
• 058a9bc Components: implement exception-tag translation in core module types. (#12122)
• 54826c0 Update wasm-tools/wit-bindgen dependencies (#12121)
• 245580e Cranelift: support fuzzing patchable_call. (#12118)
• 1d73897 Use core::convert::Infallible instead of our own Uninhabited type (#12115)
• 9a6aa39 Revert "Cranelift: Reassociate long and narrow chains of operations into shal...
• 91abf8c trap on read from and write to intra-component stream/future (#12117)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0068f1a611

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep wasmtime/wasmtime-wasi versions in sync

Compiling crates/runtime uses wasmtime and wasmtime_wasi together (e.g., passing a wasmtime::Linker into wasmtime_wasi::p1::add_to_linker_sync in crates/runtime/src/runtime.rs). With wasmtime bumped to 40.0.0 but wasmtime-wasi still pinned to 39.0.1, Cargo resolves two different wasmtime versions, so the Linker types don’t match and this fails to compile when building the runtime crate. Please update wasmtime-wasi to 40.0.0 (or keep wasmtime at 39.0.1) to preserve type compatibility.

Useful? React with 👍 / 👎.

[dependabot]

Superseded by #145.