deps(deps): bump the serde-stack group across 1 directory with 2 updates#43
deps(deps): bump the serde-stack group across 1 directory with 2 updates#43dependabot[bot] wants to merge 1 commit into
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
🤖 Augment PR SummarySummary: Updates core serialization dependencies in the workspace. Changes:
Technical Notes: 🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
| libp2p-yamux = { version = "=0.45.2" } # 2025-11-16 sw: Yamux multiplexer | ||
| multiaddr = { version = "=0.18.2" } # 2025-11-16 sw: Multiaddr /ip4/... format | ||
| bincode = { version = "=1.3.3" } # 2025-11-16 sw: Binary serialization for gossip messages | ||
| bincode = { version = "=2.0.1" } # 2025-11-16 sw: Binary serialization for gossip messages |
There was a problem hiding this comment.
Upgrading to bincode 2 is a major API change (v2 replaces bincode::serialize/deserialize with bincode::serde::encode_*/decode_* and requires passing an explicit Configuration). Since bincode is used for gossip messages, snapshots, and sled state across the workspace, please ensure all call sites migrate and that a deliberate config (e.g., bincode::config::legacy()) is pinned anywhere format compatibility matters.
Severity: high
Other Locations
crates/foundry/Cargo.toml:11crates/scaling/Cargo.toml:26
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| # Tier 0 — cryptography, serialization, dedup core (2025-11-03 sw; see docs/dependency-security.md#tier-0) | ||
| serde = { version = "=1.0.228", features = ["derive"] } # 2025-11-03 sw: canonical serialization; CT reviewed | ||
| serde_json = { version = "=1.0.145" } # 2025-11-03 sw: deterministic JSON for protocol surfaces | ||
| serde_json = { version = "=1.0.149" } # 2025-11-03 sw: deterministic JSON for protocol surfaces |
There was a problem hiding this comment.
serde_json 1.0.149 changes float-to-string formatting internals (Ryū → Żmij) and also tweaks arbitrary_precision number string formatting; if any JSON output is used as canonical bytes for hashing/signing or protocol compatibility, this bump could change results. Consider validating any protocol/persistence paths that rely on deterministic JSON serialization.
Severity: low
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
Bumps the serde-stack group with 2 updates in the / directory: [serde_json](https://github.com/serde-rs/json) and [bincode](https://github.com/bincode-org/bincode). Updates `serde_json` from 1.0.145 to 1.0.149 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.145...v1.0.149) Updates `bincode` from 1.3.3 to 2.0.1 - [Commits](https://github.com/bincode-org/bincode/commits) --- updated-dependencies: - dependency-name: bincode dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: serde-stack - dependency-name: serde_json dependency-version: 1.0.149 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: serde-stack ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/cargo/serde-stack-bb1cec214b
branch
from
aabf006 to
efd5879
Compare
Bumps the serde-stack group with 2 updates in the / directory: serde_json and bincode.
Updates
serde_jsonfrom 1.0.145 to 1.0.149Release notes
Sourced from serde_json's releases.
Commits
4f6dbfaRelease 1.0.149f3df680Touch up PR 1306e16730fMerge pull request #1306 from b41sh/fix-float-number-displayeeb2bcdAlignarbitrary_precisionnumber strings with zmij’s formatting8b291c4Release 1.0.1481aefe15Update to zmij 1.062d6e8dRelease 1.0.147fd829a6Merge pull request #1304 from dtolnay/zmije757a3dSwitch from ryu -> zmij for float formatting75ad7e6Release 1.0.146Updates
bincodefrom 1.3.3 to 2.0.1Commits