bazel/wasm: Bump to actually resolve CVE

[phlax]

No description provided.

[repokitteh-read-only]

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @jwendell

🐱

Caused by: #45788 was opened by phlax.

see: more, trace.

[phlax]

cc @leonm1

[leonm1]

I will update proxy-wasm-cpp-host with v44

[phlax]

great, thanks - heads up proxy wasm ci is currently broken - i disabled it inadvertently and it has drifted

busy with releases rn - but can probably look further tomorrow

[leonm1]

I integrated the latest wasmtime version into proxy-wasm, however, it looks like we need to update the rust toolchain version.

diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl
index f0e3f47aa2..0a8add12e3 100644
--- a/bazel/dependency_imports.bzl
+++ b/bazel/dependency_imports.bzl
@@ -70,7 +70,7 @@ def envoy_dependency_imports(
     )
     rules_rust_dependencies()
     rust_register_toolchains(
-        versions = ["1.88.0"],
+        versions = [rust_common.default_version],
         extra_target_triples = [
             "wasm32-unknown-unknown",
             "wasm32-wasip1",
diff --git a/bazel/deps.yaml b/bazel/deps.yaml
index 60872218d4..811d9c9ebc 100644
--- a/bazel/deps.yaml
+++ b/bazel/deps.yaml
@@ -548,7 +548,7 @@ wasmtime:
   project_name: "wasmtime"
   project_desc: "A standalone runtime for WebAssembly"
   project_url: "https://github.com/bytecodealliance/wasmtime"
-  release_date: "2026-04-09"
+  release_date: "2026-06-15"
   use_category:
   - dataplane_ext
   extensions:
@@ -1196,7 +1196,7 @@ proxy_wasm_cpp_host:
   project_name: "WebAssembly for Proxies (C++ host implementation)"
   project_desc: "WebAssembly for Proxies (C++ host implementation)"
   project_url: "https://github.com/proxy-wasm/proxy-wasm-cpp-host"
-  release_date: "2026-06-22"
+  release_date: "2026-06-23"
   use_category:
   - dataplane_ext
   extensions:
diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
index 2aaf415054..ecfeccb7cf 100644
--- a/bazel/repository_locations.bzl
+++ b/bazel/repository_locations.bzl
@@ -503,8 +503,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         urls = ["https://github.com/bytecodealliance/wasm-micro-runtime/archive/{version}.tar.gz"],
     ),
     wasmtime = dict(
-        version = "42.0.2",
-        sha256 = "96b94e150a3877d98cdc2e27bcd65ba89155ad67fa16c48fad6216664cb60d29",
+        version = "45.0.2",
+        sha256 = "a95cf57008b87dbe1cdaba220ea58b75bb0b53369e166fe21e729011bd25e9e8",
         strip_prefix = "wasmtime-{version}",
         urls = ["https://github.com/bytecodealliance/wasmtime/archive/v{version}.tar.gz"],
     ),
@@ -607,8 +607,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         urls = ["https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/archive/{version}.tar.gz"],
     ),
     proxy_wasm_cpp_host = dict(
-        version = "09e5f8d6658fdb77f3d5859b27141e79514e371c",
-        sha256 = "366e7598d4931a96fd1c5b0482f87076d863810049aa3a8ce921616592ed3e8c",
+        version = "f2db56af443571e92a31c0b877106d9ea96e19ef",
+        sha256 = "34dac5bcebf0b156e435bf8dd9bdac5be60b95f967c420c680578d73af28c604",
         strip_prefix = "proxy-wasm-cpp-host-{version}",
         urls = ["https://github.com/proxy-wasm/proxy-wasm-cpp-host/archive/{version}.tar.gz"],
     ),