fix(crypto): drop dangling serde_json/std refs in 4 crypto crates (#1420)

drewstone · web-flow · commit bed53cbfa619 · 2026-05-17T16:40:50.000+02:00
* chore(deps): bump tnt-core-bindings 0.17.0 → 0.17.1 (crates.io) v0.17.1 lands the post-audit follow-up batch: - M-2 escrow rescue: `withdrawRemainingEscrowTo(serviceId, to)` — owner-chosen recipient escape hatch when escrow token blocklists the service owner. - H-1 oracle snapshot at activation/join — per-(serviceId, op, asset) USD price pinned at activation; post-activation oracle drift cannot inflate one operator's bill share against honest co-operators. - F-001 pull-payment staker forward — distributor pulls ERC20 via `safeTransferFrom`; reverting distributor no longer strands tokens. - Governance-tunable operator cap — `setMaxOperatorsPerService` / `maxOperatorsPerService` view, default 256 (was hardcoded 64). - New events: PushTransferFailed, PriceOracleFallback, MaxOperatorsPerServiceUpdated. Switches off the git-branch pin and onto the published crates.io release. `cargo check --workspace` clean — no ABI break sites in the workspace. * chore(release): bump workspace to alpha.5 — tnt-core-bindings v0.17.1 + audit follow-up Per-crate prerelease bump preserving each crate's major/minor lineage: - blueprint-* core/sdk/runner/etc.: 0.2.0-alpha.4 → 0.2.0-alpha.5 - blueprint-manager: 0.4.0-alpha.3 → 0.4.0-alpha.4 - blueprint-pricing-engine: 0.3.0-alpha.3 → 0.3.0-alpha.4 - cargo-tangle: 0.5.0-alpha.3 → 0.5.0-alpha.4 Picks up tnt-core-bindings v0.17.1 transitively (M-2 escrow rescue, H-1 oracle snapshot, F-001 pull-payment, governance-tunable operator cap). * fix(crypto-bls): remove dangling serde_json/std feature reference `serde_json` is a dev-dependency, not a top-level dep — its `std` feature can't be activated from the package's own `std` feature gate. Cargo's strict manifest validation rejects this on publish. Triggered by `cargo workspaces publish` halting on: > error: feature `std` includes `serde_json/std`, but `serde_json` is not a dependency * fix(crypto): drop dangling serde_json/std refs in crypto crates Same bug as #1419 in 4 more crypto crates (ed25519, bn254, sr25519, k256). serde_json is only a dev-dependency in these crates; referencing its `std` feature from the package's own `std` feature is a manifest validation error that halts `cargo publish`. Removed the dangling references; serde_json isn't used in non-test paths.
diff --git a/crates/crypto/bn254/Cargo.toml b/crates/crypto/bn254/Cargo.toml
@@ -36,7 +36,6 @@ std = [
 	"blueprint-crypto-core/std",
 	"blueprint-std/std",
 	"serde/std",
-	"serde_json/std",
 	"serde_bytes/std",
 	"ark-bn254/std",
 	"ark-ec/std",
diff --git a/crates/crypto/ed25519/Cargo.toml b/crates/crypto/ed25519/Cargo.toml
@@ -29,7 +29,6 @@ std = [
 	"blueprint-crypto-core/std",
 	"blueprint-std/std",
 	"serde/std",
-	"serde_json/std",
 	"serde_bytes/std",
 	"ed25519-zebra/std",
 ]
diff --git a/crates/crypto/k256/Cargo.toml b/crates/crypto/k256/Cargo.toml
@@ -31,7 +31,6 @@ std = [
 	"blueprint-crypto-core/std",
 	"blueprint-std/std",
 	"serde/std",
-	"serde_json/std",
 	"serde_bytes/std",
 	"k256/std",
 ]
diff --git a/crates/crypto/sr25519/Cargo.toml b/crates/crypto/sr25519/Cargo.toml
@@ -29,7 +29,6 @@ std = [
 	"blueprint-crypto-core/std",
 	"blueprint-std/std",
 	"serde/std",
-	"serde_json/std",
 	"serde_bytes/std",
 	"schnorrkel/std",
 ]

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,6 @@ std = [`
`29`	`29`	`"blueprint-crypto-core/std",`
`30`	`30`	`"blueprint-std/std",`
`31`	`31`	`"serde/std",`
`32`		`- "serde_json/std",`
`33`	`32`	`"serde_bytes/std",`
`34`	`33`	`"ed25519-zebra/std",`
`35`	`34`	`]`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,6 @@ std = [`
`31`	`31`	`"blueprint-crypto-core/std",`
`32`	`32`	`"blueprint-std/std",`
`33`	`33`	`"serde/std",`
`34`		`- "serde_json/std",`
`35`	`34`	`"serde_bytes/std",`
`36`	`35`	`"k256/std",`
`37`	`36`	`]`