chore(deps): bump telegram-webapp-sdk from 0.2.15 to 0.3.0

[dependabot]

Bumps telegram-webapp-sdk from 0.2.15 to 0.3.0.

Release notes

Sourced from telegram-webapp-sdk's releases.

v0.3.0

[0.3.0] - 2025-11-04

Changed

• refactor: remove server-side validation from SDK (#156)

Fixed

• fix: improve git-cliff configuration for better changelog formatting

v0.2.18

[0.2.18] - 2025-10-29

Added

• feat: improve initialization API with environment detection and typed errors (#152)

v0.2.17

[0.2.17] - 2025-10-29

Changed

• Docs: add issue references to v0.2.16 changelog

Fixed

• Fix: suppress unused variable warnings in debug-only logger (#143)

v0.2.16

Fixed

• Made use_telegram_context Yew hook reactive to properly handle cases when the Telegram SDK initializes after component mount. The hook now uses requestAnimationFrame to efficiently poll for context availability and automatically updates when the context becomes ready (#141, #142)

Full Changelog: RAprogramm/telegram-webapp-sdk@v0.2.15...v0.2.16

Changelog

Sourced from telegram-webapp-sdk's changelog.

[0.3.0] - 2025-11-04

Removed

• BREAKING: Removed server-side validation logic from SDK
  • Removed validate_init_data module
  • Removed ValidationKey enum
  • Removed TelegramWebApp::validate_init_data() method
  • Removed verify_init_data_hash() function
• BREAKING: Removed crypto dependencies: hmac-sha256, hex, base64, ed25519-dalek

Changed

• Updated README to recommend init-data-rs crate for server-side validation
• Bot tokens should never be exposed to client-side code
• Validation now requires server-side implementation only

Migration Guide

For server-side validation, use the init-data-rs crate:

use init_data_rs::{validate, InitData};
async fn authenticate(init_data_str: &str, bot_token: &str)
-> Result<InitData, Box<dyn std::error::Error>> {
let init_data: InitData = validate(init_data_str, bot_token, Some(3600))?;
Ok(init_data)
}

[0.2.18] - 2025-11-03

Added

• Comprehensive demo documentation (demo/README.md)
• Rust bot example with teloxide and masterror
• Local development guide with cloudflared/ngrok
• Complete WebApp architecture explanation

[0.2.17] - 2025-11-02

Fixed

• Improved initialization API with environment detection
• Added typed errors for better error handling

[0.2.16] - 2025-10-25

Fixed

• Made use_telegram_context Yew hook reactive to properly handle cases when the Telegram SDK initializes after component mount. The hook now uses requestAnimationFrame to efficiently poll for context availability and automatically updates when the context becomes ready. (#141, #142)

Commits

• 560ae47 chore: bump version to 0.3.0
• 827feef #155 refactor: remove server-side validation from SDK (#156)
• 52719d2 153 (#154)
• 8f33664 fix: improve git-cliff configuration for better changelog formatting
• b337d84 chore: bump version to 0.2.18
• 33be30d #145 feat: improve initialization API with environment detection and typed er...
• 2d4d118 chore: bump version to 0.2.17
• f9bdab9 ci: add automated changelog generation and GitHub releases
• 32a415d #147 feat: add automatic cleanup for EventHandle via Drop trait (#151)
• 1bcad6d 146 (#150)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)