From 5dc60c04035a4b00dfee02916d2468557a327505 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Mar 2026 03:12:08 +0000
Subject: [PATCH] deps(deps): bump the serde-stack group with 2 updates

Bumps the serde-stack group with 2 updates: [serde_json](https://github.com/serde-rs/json) and [bincode](https://github.com/bincode-org/bincode).


Updates `serde_json` from 1.0.145 to 1.0.149
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.145...v1.0.149)

Updates `bincode` from 1.3.3 to 2.0.1
- [Commits](https://github.com/bincode-org/bincode/commits)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-version: 1.0.149
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: serde-stack
- dependency-name: bincode
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: serde-stack
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock                | 56 ++++++++++++++++++++++++++++++++-------
 Cargo.toml                |  4 +--
 crates/foundry/Cargo.toml |  2 +-
 crates/scaling/Cargo.toml |  2 +-
 4 files changed, 51 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index b45ee9b..2d836aa 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -559,6 +559,26 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "bincode"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740"
+dependencies = [
+ "bincode_derive",
+ "serde",
+ "unty",
+]
+
+[[package]]
+name = "bincode_derive"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09"
+dependencies = [
+ "virtue",
+]
+
 [[package]]
 name = "bindgen"
 version = "0.59.2"
@@ -909,7 +929,7 @@ dependencies = [
  "anyhow",
  "async-stream",
  "async-trait",
- "bincode",
+ "bincode 2.0.1",
  "blake3",
  "bytes",
  "common",
@@ -2048,7 +2068,7 @@ name = "federation"
 version = "0.1.0"
 dependencies = [
  "anyhow",
- "bincode",
+ "bincode 2.0.1",
  "blake3",
  "capsule-registry",
  "common",
@@ -2130,7 +2150,7 @@ name = "foundry"
 version = "0.1.0"
 dependencies = [
  "anyhow",
- "bincode",
+ "bincode 2.0.1",
  "bytes",
  "capsule-registry",
  "common",
@@ -2581,7 +2601,7 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "085f262d7604911c8150162529cefab3782e91adb20202e8658f7275d2aefe5d"
 dependencies = [
- "bincode",
+ "bincode 1.3.3",
  "futures",
  "gloo-utils",
  "gloo-worker-macros",
@@ -2612,7 +2632,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
- "bincode",
+ "bincode 2.0.1",
  "bytes",
  "futures",
  "hmac",
@@ -6203,7 +6223,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-trait",
- "bincode",
+ "bincode 2.0.1",
  "blake3",
  "bytes",
  "common",
@@ -6353,15 +6373,15 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.145"
+version = "1.0.149"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
 dependencies = [
  "itoa",
  "memchr",
- "ryu",
  "serde",
  "serde_core",
+ "zmij",
 ]
 
 [[package]]
@@ -7993,6 +8013,12 @@ version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
+[[package]]
+name = "unty"
+version = "0.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae"
+
 [[package]]
 name = "ureq"
 version = "2.12.1"
@@ -8159,6 +8185,12 @@ version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 
+[[package]]
+name = "virtue"
+version = "0.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1"
+
 [[package]]
 name = "void"
 version = "1.0.2"
@@ -9390,6 +9422,12 @@ dependencies = [
  "zopfli",
 ]
 
+[[package]]
+name = "zmij"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
+
 [[package]]
 name = "zopfli"
 version = "0.8.3"
diff --git a/Cargo.toml b/Cargo.toml
index c5ed55c..bf48fed 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -66,7 +66,7 @@ semver = { version = "^1.0.27" } # 2025-11-03 sw: version range evaluation for d
 
 # Tier 0 — cryptography, serialization, dedup core (2025-11-03 sw; see docs/dependency-security.md#tier-0)
 serde = { version = "=1.0.228", features = ["derive"] } # 2025-11-03 sw: canonical serialization; CT reviewed
-serde_json = { version = "=1.0.145" } # 2025-11-03 sw: deterministic JSON for protocol surfaces
+serde_json = { version = "=1.0.149" } # 2025-11-03 sw: deterministic JSON for protocol surfaces
 serde_yaml = { version = "0.9" } # YAML parsing for CLI policies
 blake3 = { version = "=1.8.3" } # 2025-11-03 sw: convergent hash, SIMD constant-time per upstream audit
 bloomfilter = { version = "=1.0.13" } # 2025-11-03 sw: dedupe candidate screening, bounded memory
@@ -98,7 +98,7 @@ libp2p-tcp = { version = "=0.41.0", default-features = false, features = ["tokio
 libp2p-noise = { version = "=0.44.0" } # 2025-11-16 sw: Noise handshake
 libp2p-yamux = { version = "=0.45.2" } # 2025-11-16 sw: Yamux multiplexer
 multiaddr = { version = "=0.18.2" } # 2025-11-16 sw: Multiaddr /ip4/... format
-bincode = { version = "=1.3.3" } # 2025-11-16 sw: Binary serialization for gossip messages
+bincode = { version = "=2.0.1" } # 2025-11-16 sw: Binary serialization for gossip messages
 bytes = { version = "^1.10.1" } # 2025-11-16 sw: Zero-copy byte buffers
 rand = { version = "=0.8.5" } # 2025-11-16 sw: Random peer selection for gossip
 backoff = { version = "=0.4.0" } # 2025-11-16 sw: Retry logic with exponential backoff
diff --git a/crates/foundry/Cargo.toml b/crates/foundry/Cargo.toml
index cf09154..a60589e 100644
--- a/crates/foundry/Cargo.toml
+++ b/crates/foundry/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 
 [dependencies]
 anyhow = { workspace = true }
-bincode = "1.3"
+bincode = "2.0"
 bytes = { workspace = true }
 dashmap = "5.5.3"
 futures = { workspace = true }
diff --git a/crates/scaling/Cargo.toml b/crates/scaling/Cargo.toml
index 941b8b5..acaefc3 100644
--- a/crates/scaling/Cargo.toml
+++ b/crates/scaling/Cargo.toml
@@ -23,7 +23,7 @@ futures = { workspace = true }
 raft-rs = { workspace = true, optional = true }
 bytes = "1"
 blake3 = { workspace = true }
-bincode = "1"
+bincode = "2"
 hex = "0.4"
 socket2 = { version = "0.5", features = ["all"] }
 dashmap = "5"