chore(deps): bump act-sdk from 0.6.0 to 0.7.0

[dependabot]

Bumps act-sdk from 0.6.0 to 0.7.0.

Changelog

Sourced from act-sdk's changelog.

[0.7.0] - 2026-05-06

Added

• act:sessions/session-provider macro support. wit/deps/act-sessions is bundled in the SDK; consumers symlink it like the other interfaces and add export act:sessions/session-provider@0.1.0; to their world.wit.
• act_sdk::SessionRegistry<T> — interior-mutable id→state map for components that maintain per-session state. Allocates ids as <prefix>_<n>.
• #[session_open] and #[session_close] markers — when both appear inside #[act_component], the macro generates the session-provider Guest impl. get-open-session-args-schema is derived from the open fn's args type via JsonSchema; open-session decodes metadata-shaped args; close-session is a sync pass-through (per WIT).
• act_sdk::sessions::session_id_from_metadata — pulls std:session-id out of WIT metadata (CBOR-decoded).
• New constants in act_types::constants: META_SESSION_ID, META_AGENT_ID, META_SESSION_OP, ERR_SESSION_NOT_FOUND. ActError::session_not_found helper.
• New act_types::http wire types: OpenSessionRequest, OpenSessionResponse. error_kind_to_status now maps std:session-not-found to 404.

Migration

No breaking changes for tool-only components — the macro is opt-in through the new #[session_open]/#[session_close] markers and the extra wit/deps/act-sessions symlink.

Commits

• ab9c73f chore(release): 0.7.0
• 6808ccb feat(sdk): act:sessions/session-provider macro support
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	act-sdk@​0.6.0 ⏵ 0.7.0

View full report