From 128a224fd643eec4168dace9fdabcbba8ffa9475 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jan 2026 03:16:42 +0000
Subject: [PATCH] deps(deps): bump the serde-stack group with 2 updates

Updates the requirements on [serde_json](https://github.com/serde-rs/json) and [bincode](https://github.com/bincode-org/bincode) to permit the latest version.

Updates `serde_json` to 1.0.147
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.145...v1.0.147)

Updates `bincode` to 3.0.0
- [Commits](https://github.com/bincode-org/bincode/commits)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-version: 1.0.147
  dependency-type: direct:production
  dependency-group: serde-stack
- dependency-name: bincode
  dependency-version: 3.0.0
  dependency-type: direct:production
  dependency-group: serde-stack
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock                | 30 +++++++++++++++++++++---------
 Cargo.toml                |  4 ++--
 crates/foundry/Cargo.toml |  2 +-
 crates/scaling/Cargo.toml |  2 +-
 4 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f783305..1e45323 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -559,6 +559,12 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "bincode"
+version = "3.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fd6a120d2e16b3e1b4a24bd70f23b12d3e16b81f113364a26935f8db7245452d"
+
 [[package]]
 name = "bindgen"
 version = "0.59.2"
@@ -899,7 +905,7 @@ dependencies = [
  "anyhow",
  "async-stream",
  "async-trait",
- "bincode",
+ "bincode 3.0.0",
  "blake3",
  "bytes",
  "common",
@@ -2003,7 +2009,7 @@ name = "federation"
 version = "0.1.0"
 dependencies = [
  "anyhow",
- "bincode",
+ "bincode 3.0.0",
  "blake3",
  "capsule-registry",
  "common",
@@ -2085,7 +2091,7 @@ name = "foundry"
 version = "0.1.0"
 dependencies = [
  "anyhow",
- "bincode",
+ "bincode 3.0.0",
  "bytes",
  "capsule-registry",
  "common",
@@ -2537,7 +2543,7 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "085f262d7604911c8150162529cefab3782e91adb20202e8658f7275d2aefe5d"
 dependencies = [
- "bincode",
+ "bincode 1.3.3",
  "futures",
  "gloo-utils",
  "gloo-worker-macros",
@@ -2568,7 +2574,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
- "bincode",
+ "bincode 3.0.0",
  "bytes",
  "futures",
  "hmac",
@@ -6138,7 +6144,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
- "bincode",
+ "bincode 3.0.0",
  "blake3",
  "bytes",
  "common",
@@ -6288,15 +6294,15 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.145"
+version = "1.0.149"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
 dependencies = [
  "itoa",
  "memchr",
- "ryu",
  "serde",
  "serde_core",
+ "zmij",
 ]
 
 [[package]]
@@ -9325,6 +9331,12 @@ dependencies = [
  "zopfli",
 ]
 
+[[package]]
+name = "zmij"
+version = "1.0.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "02aae0f83f69aafc94776e879363e9771d7ecbffe2c7fbb6c14c5e00dfe88439"
+
 [[package]]
 name = "zopfli"
 version = "0.8.3"
diff --git a/Cargo.toml b/Cargo.toml
index 6c3307f..96e73f3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -66,7 +66,7 @@ semver = { version = "^1.0.27" } # 2025-11-03 sw: version range evaluation for d
 
 # Tier 0 — cryptography, serialization, dedup core (2025-11-03 sw; see docs/dependency-security.md#tier-0)
 serde = { version = "=1.0.228", features = ["derive"] } # 2025-11-03 sw: canonical serialization; CT reviewed
-serde_json = { version = "=1.0.145" } # 2025-11-03 sw: deterministic JSON for protocol surfaces
+serde_json = { version = "=1.0.149" } # 2025-11-03 sw: deterministic JSON for protocol surfaces
 serde_yaml = { version = "0.9" } # YAML parsing for CLI policies
 blake3 = { version = "=1.8.2" } # 2025-11-03 sw: convergent hash, SIMD constant-time per upstream audit
 bloomfilter = { version = "=1.0.13" } # 2025-11-03 sw: dedupe candidate screening, bounded memory
@@ -98,7 +98,7 @@ libp2p-tcp = { version = "=0.41.0", default-features = false, features = ["tokio
 libp2p-noise = { version = "=0.44.0" } # 2025-11-16 sw: Noise handshake
 libp2p-yamux = { version = "=0.45.2" } # 2025-11-16 sw: Yamux multiplexer
 multiaddr = { version = "=0.18.2" } # 2025-11-16 sw: Multiaddr /ip4/... format
-bincode = { version = "=1.3.3" } # 2025-11-16 sw: Binary serialization for gossip messages
+bincode = { version = "=3.0.0" } # 2025-11-16 sw: Binary serialization for gossip messages
 bytes = { version = "^1.10.1" } # 2025-11-16 sw: Zero-copy byte buffers
 rand = { version = "=0.8.5" } # 2025-11-16 sw: Random peer selection for gossip
 backoff = { version = "=0.4.0" } # 2025-11-16 sw: Retry logic with exponential backoff
diff --git a/crates/foundry/Cargo.toml b/crates/foundry/Cargo.toml
index cf09154..67d2438 100644
--- a/crates/foundry/Cargo.toml
+++ b/crates/foundry/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 
 [dependencies]
 anyhow = { workspace = true }
-bincode = "1.3"
+bincode = "3.0"
 bytes = { workspace = true }
 dashmap = "5.5.3"
 futures = { workspace = true }
diff --git a/crates/scaling/Cargo.toml b/crates/scaling/Cargo.toml
index 5c761d3..c5fccf9 100644
--- a/crates/scaling/Cargo.toml
+++ b/crates/scaling/Cargo.toml
@@ -23,7 +23,7 @@ futures = { workspace = true }
 raft-rs = { workspace = true, optional = true }
 bytes = "1"
 blake3 = { workspace = true }
-bincode = "1"
+bincode = "3"
 hex = "0.4"
 socket2 = { version = "0.5", features = ["all"] }
 dashmap = "5"