Update Rust crate cedar-policy-core to v4.9.1

[hash-worker]

This PR contains the following updates:

Package	Type	Update	Change
cedar-policy-core (source)	workspace.dependencies	minor	4.5.1 -> 4.9.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cedar-policy/cedar (cedar-policy-core)

v4.9.1

Compare Source

Release 4.9.1, available on crates.io

Changed

• Minor optimizations to decimal parsing (#​2156) and constructing constant identifiers (#​1880).

Full Changelog: cedar-policy/cedar@v4.9.0...v4.9.1

v4.9.0

Compare Source

Release 4.9.0, available on crates.io

Added

• Entity::attrs() and Entity::tags() to iterate over all attributes/tags of an Entity (#​2084)
• to_json_value() methods on Entities, Context, and EntityUid (matching the existing one on Entity) (#​2085)
• From or TryFrom impls for converting public types into their corresponding FFI versions in
  the ffi module (new impls on ffi::EntityUid, ffi::Context, ffi::Entities, ffi::Policy,
  ffi::Template, and ffi::StaticPolicySet) (#​2085)
• schema_to_json_with_resolved_types() function, which takes in a Cedar schema and returns a json schema without any instances of EntityOrCommon; they're all either Entity or CommonType (#​2058)
• More derives (PartialEq, Clone, etc) for a number of types in the ffi module (#​2083)
• TPE: Simplify <residual> && false to false and <residual> || true to true when <residual> is error-free. (#​2091)

Fixed

• Policy formatting for record literals and index-style attribute access. (#​2117, fixing #​959 and #​1005)

v4.8.2

Compare Source

Release 4.8.2, available on crates.io

Changed

• Deprecated entity-manifest experimental feature. Consumers of these functions should migrate to the tpe feature and use PolicySet::is_authorized_batch. (#​1945)

Fixed

• Fixed authorization and other error messages to correctly display all diagnostic information. (#​1944)

v4.8.1

Compare Source

Release 4.8.1, available on crates.io

Fixed

• Fixed parsing of small negative decimal literals. (#​1964)

v4.8.0

Compare Source

Release 4.8.0, available on crates.io

Added

• Added TpeResponse::residual_policies and TpeResponse::nontrivial_residual_policies to get residual policies under experimental feature tpe. (#​1906)
• Added PartialEntity::new and PartialEntities::from_partial_entities to programmatically construct PartialEntity and PartialEntities under feature tpe. (#​1916)

Changed

• For the tpe experimental feature, PartialEntities::from_concrete now requires a Schema and will validate the entities,
  ensuring that a PartialEntities object always meets the preconditions required for type aware partial evaluation. (#​1903)
• Evaluate has operation when the LHS record is projectable during partial evaluation. (#​1912)
• Deprecated schema parsing errors ActionAttributesContainEmptySet, UnsupportedActionAttribute, ActionAttrEval, and ExprEscapeUsed.
  These errors are never returned, so it is safe to delete any associated error handling code. (#​1929)
• Made policy validation for in, ==, and hasTag slightly more permissive to match the formally verified Lean model. (#​1931)
• Increase partial evaluation precision for if-then-else, or, and expressions (#​1940)

Fixed

• Removed incorrect dependency of feature partial-eval of feature tpe. (#​1898)
• Fixed incomplete policy ID renaming by PolicySet::merge. Updated policy IDs were correctly reflected when getting a
  policy with PolicySet::policy and PolicySet::template, but Policy::id, Template::id, and Policy::template_id
  continued to return the original id.
• Fixed issue where SchemaFragment::to_cedarschema could return a string that is not a valid Cedar schema.

v4.7.1

Compare Source

Release 4.7.1, available on crates.io

Fixed

• Fixed parsing of small negative decimal literals. (#​1966)

v4.7.0

Compare Source

Release 4.7.0, available on crates.io

Cedar Language Version: 4.4

Added

• Added Schema::actions_for_principal_and_resource to list actions which apply to a particular principal and resource type.
• For the tpe experimental feature, added PolicySet::query_actions to list the actions which might be authorized given partial request with an unknown action.
• For the tpe experimental feature, added PartialEntities::empty to conveniently construct an empty partial entity set.

v4.6.2

Compare Source

Release 4.6.2, available on crates.io

Fixed

• Fixed parsing of small negative decimal literals.

v4.6.1

Compare Source

Release 4.6.1, available on crates.io

Fixed

• Fixed doc.rs build (#​1878)

v4.6.0

Compare Source

Release 4.6.0, available on crates.io

Added

• Added deep_eq to the Entity and Entities structs to allow comparing these objects for structural equality. (#​1723)
• Added stateful_is_authorized, preparse_policy_set and preparse_schema to support stateful evaluation using a cached policy set and schema, in the ffi module. (#​1831, fixing #​1829)
• Added has_non_scope_constraint for Policy and Template, returning true if the policy or template has a when or unless condition. (#​1852)
• Implemented variadic ipaddr.isInRange that returns true if the target ipaddr is in range for any of the arguments as described in RFC 99, under the experimental flag variadic-is-in-range. (#​1775)
• Implemented type-aware partial evaluation as described in RFC 95, under the
  experimental flag tpe. (#​1575)
• Implemented batched evaluation, also under the experimental flag tpe. Batched evaluation allows for permission queries against large databases of entities. (#​1812)

Changed

• Bumped MSRV to 1.85 (#​1683)

v4.5.2

Compare Source

Release 4.5.2, available on crates.io

Fixed

• Fixed parsing of small negative decimal literals.

---

Configuration

📅 Schedule: Branch creation - "before 4am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.03%. Comparing base (ef314c5) to head (be18518).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7998   +/-   ##
=======================================
  Coverage   63.03%   63.03%           
=======================================
  Files        1302     1302           
  Lines      132960   132960           
  Branches     5509     5509           
=======================================
+ Hits        83808    83809    +1     
+ Misses      48238    48237    -1     
  Partials      914      914           

Flag	Coverage Δ
local.claude-hooks	0.00% <ø> (ø)
local.harpc-client	51.24% <ø> (ø)
rust.antsi	0.00% <ø> (ø)
rust.error-stack	90.88% <ø> (ø)
rust.harpc-codec	84.70% <ø> (ø)
rust.harpc-net	96.16% <ø> (+0.01%)	⬆️
rust.harpc-tower	66.80% <ø> (ø)
rust.harpc-types	0.00% <ø> (ø)
rust.harpc-wire-protocol	92.23% <ø> (ø)
rust.hash-codec	72.76% <ø> (ø)
rust.hash-graph-temporal-versioning	47.95% <ø> (ø)
rust.hashql-core	82.26% <ø> (ø)
rust.hashql-diagnostics	72.43% <ø> (ø)
rust.hashql-syntax-jexpr	94.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
ds-theme	Ready	Preview, Comment	Feb 27, 2026 5:02pm
hash	Error		Feb 27, 2026 5:02pm
hashdotdesign	Ready	Preview, Comment	Feb 27, 2026 5:02pm
hashdotdesign-tokens	Ready	Preview, Comment	Feb 27, 2026 5:02pm
petrinaut	Ready	Preview	Feb 27, 2026 5:02pm

[deepsource-io]

Here's the code health analysis summary for commits d549b46..ea9c8f2. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Secrets	✅ Success		View Check ↗
SQL	✅ Success		View Check ↗
Rust	✅ Success		View Check ↗
Shell	✅ Success		View Check ↗
Docker	✅ Success		View Check ↗
Test coverage	❌ Failure	🚩 1 error	View Check ↗

Code Coverage Report

Metric	Aggregate	Javascript	Rust
Branch Coverage	66.9% (up 37.4% from main)	33% (up 29% from main)	73% (up 1.1% from main)
Composite Coverage	82.5% (up 26.7% from main)	46.2% (up 38.7% from main)	84.1% (up 19.5% from main)
Line Coverage	82.9% (up 26% from main)	47.6% (up 39.3% from main)	84.4% (up 19.9% from main)

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.