chore: bump version to 1.0.0

[panos-xyz]

Summary

Prepares the v1.0.0 release. Bumps [workspace.package].version from 0.3.0 to 1.0.0 and refreshes Cargo.lock so all 15 internal morph-* crates (including the new morph-engine-tree-ext and morph-statetest) carry the new version.

This marks morph-reth's first stable release. Highlights of v0.3.0 → v1.0.0 (20 PRs):

• feat: unfork reth to upstream paradigmxyz/reth v2.2.0 with retroactive state-root trust (feat: unfork reth to paradigmxyz/reth v2.2.0 with retroactive state-root trust #98) — morph-reth is now a Reth SDK extension, not a fork
• feat: centralized-sequencer EL support (V2 engine API + reorg + next_l1_msg_index hardening) (feat: centralized-sequencer EL support (V2 engine API + reorg + next_l1_msg_index hardening) #124)
• feat: standalone morph-statetest runner (feat(bin): add standalone morph-statetest runner #113)
• fix: align Morph transaction/receipt serialization with morph-geth (fix(rpc): align Morph transaction and receipt serialization with morph-geth #114, fix(primitives): emit nonce/v/r/s placeholders for L1 message RPC #115, fix(primitives): emit gasPrice=0x0 placeholder for L1 message RPC #117)
• fix: enforce Morph transaction admission gates in txpool (fix(txpool): enforce Morph transaction admission gates #120)
• fix: preserve finalized tags during safe imports (fix(engine-api): preserve finalized tags during safe imports #130) and exact L1 fee fallback encoding (fix(revm): make L1 fee fallback encoding tx-type exact #131)
• fix: treat zero withdraw trie root as unspecified (fix(node): treat zero withdraw trie root as unspecified #127)
• fix: address audit follow-ups (fix: address audit follow-ups #116)
• chore(deps): lower workspace Rust version to 1.93 (chore: lower workspace Rust version to 1.93 #129); bump tar to 0.4.46 for GHSA-3pv8-6f4r-ffg2 (chore(deps): bump tar to 0.4.46 (GHSA-3pv8-6f4r-ffg2) #119)
• chore: Grafana dashboard signal quality improvements (chore(grafana): improve dashboard signal quality #110); remove per-block debug timing logs (chore(engine-api): remove per-block debug timing logs #132)

A 1.0.0 bump is appropriate: the unfork (#98) and centralized-sequencer support (#124) together with the audit fixes (#116) make this our first API/protocol-stable release.

Test plan

• CI green on this PR (build + clippy + cargo-deny + tests)
• After merge, tag v1.0.0 on main and push to origin (GitHub release CI) and gitlab
• Push release/1.0.0 branch to gitlab for deployment

Summary by CodeRabbit

• Chores
  • Updated the workspace package version to 1.0.0, marking the first stable release.
• Chores
  • Updated security advisory ignore settings to suppress an additional RustSec warning for a build-time proc-macro dependency.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 03e2a54f-2357-4dea-bd53-588c0bbf4f70

📥 Commits

Reviewing files that changed from the base of the PR and between 0ac224a and 738a4c1.

📒 Files selected for processing (1)

• deny.toml

---

📝 Walkthrough

Walkthrough

The workspace package version in Cargo.toml is updated to 1.0.0, and deny.toml adds an ignored RustSec advisory entry for proc-macro-error2.

Changes

Release Metadata Update

Layer / File(s)	Summary
Workspace version update Cargo.toml	The version field under [workspace.package] changes from 0.3.0 to 1.0.0.
Advisory ignore entry deny.toml	The [advisories].ignore list adds RUSTSEC-2026-0173 with comments describing the transitive build-time proc-macro usage.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• morph-l2/morph-reth#77: Same [workspace.package] version field update pattern in Cargo.toml.
• morph-l2/morph-reth#95: Also changes Cargo.toml versioning and deny.toml advisory ignores.
• morph-l2/morph-reth#61: Directly related to deny.toml RustSec advisory ignore handling.

Suggested reviewers

• anylots
• chengwenxi

Poem

🐇 I hop through manifests, neat and bright,
One version now blooms, one advisory tucked right.
A tiny patch twinkles in cargo-cartoon light,
Version one and a hush for the warning tonight.
Hop hop!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: bumping the workspace version to 1.0.0 for the release.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-version-1.0.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}