Skip to content

chore(deps): bump pinocchio-token from 0.5.0 to 0.6.0#46

Merged
dev-jodee merged 1 commit into
mainfrom
dependabot/cargo/pinocchio-token-0.6.0
May 18, 2026
Merged

chore(deps): bump pinocchio-token from 0.5.0 to 0.6.0#46
dev-jodee merged 1 commit into
mainfrom
dependabot/cargo/pinocchio-token-0.6.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps pinocchio-token from 0.5.0 to 0.6.0.

Release notes

Sourced from pinocchio-token's releases.

pinocchio-token@v0.6.0

New instructions

SIMD-0226 (p-token) introduces new instruction to the Token program. These are now supported.

WithdrawExcesssLamports

The WithdrawExcessLamports (instruction discriminator 38) allows recovering "bricked" SOL from mint (e.g., USDC mint as ~323 SOL in excess) and multisig accounts. The logic of this instruction is similar to the current SPL Token-2022 instruction: the mint authority must be a signer (for mint accounts) or the multisig (for multisig accounts) to authorize the withdraw. Additionally, for mint accounts that do not have a mint authority set, it is possible to authorize the withdraw using the mint account as the signing authority — the instruction will need to be signed using the mint private key. Note that economic consequences may occur depending on the quantity of "unbricked" SOL; the total amount of SOL that could be freed up in this manner has yet to be calculated.

The instruction definition can be found here.

UnwrapLamports

The UnwrapLamports (instruction discriminator 45) allows transferring out lamports from native SOL token accounts directly to any destination account. This eliminates the need for creating temporary native token accounts for the recipient. The instruction supports transferring a specific amount or the entire amount of the account.

The instruction definition can be found here.

Batch

The Batch (instruction discriminator 255) enables efficient CPI interaction with the Token program. This is a new instruction that can execute a variable number of Token instructions in a single invocation of the Token program. Therefore, the base CPI invoke units (currently 1000 CUs) are only consumed once, instead of for each CPI instruction — this significantly improves the CUs required to perform multiple Token instructions in a CPI context. Almost every DeFi protocol on Solana performs multiple CPIs to the Token program in one instruction. For example, an AMM performs two transfers during swap, or transfers tokens and mints others during an LP deposit. Programs can use the batch instruction for even more CU gains.

The instruction definition can be found here and an example of a batch invocation here.

Changes to existing instructions

SyncNative

The SyncNative (instruction discriminator 17) has been updated to accommodate changes to the rent-exempt requirement. When the minimum rent-exempt balance for an account changes, any excess will now be treated as part of the native amount. To support this change, the instruction now requires the Rent sysvar. It will either call the Rent::get() syscall (~100 CUs) or expect the Rent sysvar account to be provided as the second account in the instruction.

Note that this may cause problems for programs that already pass extra accounts to SyncNative. In that case, there are two options:

  1. The first extra account (second account) passed to SyncNative must be the Rent sysvar account. Any additional accounts can follow.
  2. Remove any extra accounts passed to SyncNative.

The instruction definition can be found here.

What's new

Commits
  • cc937fe Publish pinocchio-token v0.6.0
  • eb22a63 Publish pinocchio v0.11.0
  • 9691848 programs/token: Add batch header data length helper (#398)
  • 5dea221 programs/token-2022: Add missing discriminator to ScaledUiAmount extension ...
  • 8a499c0 programs/token-2022: Improve account validation (#400)
  • f200b4e programs/token: Rename account type (#401)
  • 760c371 sdk: Use correct MAX_SIZE (#393)
  • 879f43b sdk: Add alignment check to Clock::from_bytes (#394)
  • 3c24f09 programs/token-2022: Set mint as readonly in `WithdrawWithheldTokensFromAccou...
  • 3a758df programs/system: Add data len check in create account helper (#399)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 18, 2026
@dependabot dependabot Bot requested a review from dev-jodee as a code owner May 18, 2026 17:19
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 18, 2026
@dev-jodee dev-jodee mentioned this pull request May 18, 2026
Merged
5 tasks
dev-jodee added a commit that referenced this pull request May 18, 2026
@dev-jodee
chore(deps): combined bump (codama, litesvm, spl-token-2022, non-majo…
e83c8f2 
…r group)

Replaces dependabot PRs:
- #45 cargo-non-major group (borsh, solana-security-txt, solana-pubkey,
  solana-address, solana-account-info, solana-program-error,
  solana-system-interface)
- #49 litesvm 0.9.0 -> 0.11.0
- #53 codama 0.7.4 -> 0.9.2 (IDL regen adds "events": [])

Also bumps spl-token-2022 10.0.0 -> 11.0.0 to match updated
solana-nullable types pulled by transitive solana-* deps.

Pinocchio bumps (#46, #50, #52, #54, #55) and solana-account 4.0
(#48) excluded: pinocchio 0.10 -> 0.11 needs AccountView API
migration across program/* and tests, solana-account 4.0 conflicts
with solana-client 3.x (only available at 4.0.0-rc).

codama renderer JS/Rust majors (#60, #61) and npm-non-major (#56)
excluded: require kit-plugin client migration + codegen script
updates beyond a dep bump.
dev-jodee added a commit that referenced this pull request May 18, 2026
@dev-jodee
chore(deps): combined bump (codama, litesvm, spl-token-2022, non-majo…
da57b99 
…r group)

Replaces dependabot PRs:
- #45 cargo-non-major group (borsh, solana-security-txt, solana-pubkey,
  solana-address, solana-account-info, solana-program-error,
  solana-system-interface)
- #49 litesvm 0.9.0 -> 0.11.0
- #53 codama 0.7.4 -> 0.9.2 (IDL regen adds "events": [])

Also bumps spl-token-2022 10.0.0 -> 11.0.0 to match updated
solana-nullable types pulled by transitive solana-* deps.

Pinocchio bumps (#46, #50, #52, #54, #55) and solana-account 4.0
(#48) excluded: pinocchio 0.10 -> 0.11 needs AccountView API
migration across program/* and tests, solana-account 4.0 conflicts
with solana-client 3.x (only available at 4.0.0-rc).

codama renderer JS/Rust majors (#60, #61) and npm-non-major (#56)
excluded: require kit-plugin client migration + codegen script
updates beyond a dep bump.
dev-jodee added a commit that referenced this pull request May 18, 2026
@dev-jodee
chore(deps): combined bump (codama, litesvm, spl-token-2022, non-majo…
29ee4f6 
…r group) (#62)

Replaces dependabot PRs:
- #45 cargo-non-major group (borsh, solana-security-txt, solana-pubkey,
  solana-address, solana-account-info, solana-program-error,
  solana-system-interface)
- #49 litesvm 0.9.0 -> 0.11.0
- #53 codama 0.7.4 -> 0.9.2 (IDL regen adds "events": [])

Also bumps spl-token-2022 10.0.0 -> 11.0.0 to match updated
solana-nullable types pulled by transitive solana-* deps.

Pinocchio bumps (#46, #50, #52, #54, #55) and solana-account 4.0
(#48) excluded: pinocchio 0.10 -> 0.11 needs AccountView API
migration across program/* and tests, solana-account 4.0 conflicts
with solana-client 3.x (only available at 4.0.0-rc).

codama renderer JS/Rust majors (#60, #61) and npm-non-major (#56)
excluded: require kit-plugin client migration + codegen script
updates beyond a dep bump.

Co-authored-by: Jo D <dev-jodee@users.noreply.github.com>
@dependabot
chore(deps): bump pinocchio-token from 0.5.0 to 0.6.0
8b419a1 
Bumps [pinocchio-token](https://github.com/anza-xyz/pinocchio) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/anza-xyz/pinocchio/releases)
- [Commits](https://github.com/anza-xyz/pinocchio/compare/pinocchio-token@v0.5.0...pinocchio-token@v0.6.0)

---
updated-dependencies:
- dependency-name: pinocchio-token
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/pinocchio-token-0.6.0 branch from 138508d to 8b419a1 Compare May 18, 2026 19:23
@dev-jodee dev-jodee merged commit 4a18ce7 into main May 18, 2026
6 checks passed
@dev-jodee dev-jodee deleted the dependabot/cargo/pinocchio-token-0.6.0 branch May 18, 2026 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dev-jodee dev-jodee dev-jodee approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dev-jodee