chore: update sdk to published version, update sep5, and remove slipped10 dep

[mootz12]

What

Update the sep5 crate that also removed the slipped10 dependency in favor of ows_signer to 0.1.0. Also, manually implement the HD Path logic in stellar-ledger instead of relying on slipped10.

Why

The slipped10 dependency has a security advisory, and old, valid versions were yanked.

Known limitations

None

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​thiserror@​2.0.16 ⏵ 2.0.18
	cargo/​soroban-sdk@​26.0.0-rc.1
	cargo/​soroban-spec@​26.0.0-rc.1
	cargo/​soroban-spec-rust@​26.0.0-rc.1
	cargo/​sep5@​0.0.4 ⏵ 0.1.0
	cargo/​soroban-token-sdk@​26.0.0-rc.1
	cargo/​stellar-asset-spec@​26.0.0-rc.1
	cargo/​soroban-ledger-snapshot@​26.0.0-rc.1

View full report

[Copilot]

Pull request overview

Updates the workspace to use published (crates.io) Soroban SDK crates and upgrades sep5 to remove the vulnerable slipped10 dependency, including an in-crate implementation of the Stellar BIP-44 HD path encoding used by stellar-ledger.

Changes:

• Switch Soroban SDK-related workspace dependencies from git-based sources to crates.io versions.
• Bump sep5 to 0.1.0 and remove slipped10 from stellar-ledger.
• Replace slipped10-based BIP32 path handling in stellar-ledger with a manual hardened-path byte encoding (plus unit tests).

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
deny.toml	Updates allowed license list and removes now-unneeded duplicate-skip and git-source entries.
cmd/crates/stellar-ledger/src/hd_path.rs	Implements manual Stellar HD path encoding and adds focused tests.
cmd/crates/stellar-ledger/Cargo.toml	Drops the slipped10 dependency.
Cargo.toml	Moves Soroban SDK deps to published versions and bumps sep5.
Cargo.lock	Lockfile refresh reflecting the dependency upgrades/removals.