COOLJAPAN
← All posts
May 3, 2026 • 4 min read

OxiCode 0.2.2 Released — Dependency Hardening and Pure Rust Compression, Bumped

A focused OxiCode patch: a deny.toml policy gate to ban unsafe or incompatible crates, the bincode dev-dependency pinned to =2.0.1, OxiARC pure Rust compression bumped to 0.2.7, and more robust temp-file handling in the file-I/O test suite. Same 100% bincode-2.0 binary compatibility, same Pure Rust guarantee.

release oxicode bincode serialization serde pure-rust supply-chain oxiarc

A quiet, careful patch that tightens OxiCode’s supply chain.

Today we released OxiCode 0.2.2 — a maintenance release that hardens dependencies, locks down policy, and shores up the test suite. No API changes, no wire-format changes: it’s a clean, safe bump for everyone already on the 0.2 line.

No C. No Fortran. No FFI creeping in through a transitive dependency.
OxiCode remains a pure-Rust binary codec that compiles to a single static binary (or WASM).

Why 0.2.2 matters

Serialization sits at the trust boundary of a lot of systems, so its dependency graph deserves the same scrutiny as its hot loops. 0.2.2 is about exactly that: making sure nothing unexpected — unsafe, C-linked, or API-breaking — can sneak into the build, and making the test suite reliable under parallel execution.

It is a small changeset on purpose. Patch releases should reduce risk, not add it.

Technical Deep Dive: what changed under the hood

  1. A policy gate at the dependency layer
    0.2.2 adds a deny.toml configuration for cargo-deny, enforcing the project’s dependency policy — banning unsafe or incompatible crates before they can land. This turns the COOLJAPAN Pure Rust posture into something CI can mechanically check, not just a convention.

  2. A pinned, predictable test baseline
    The bincode dev-dependency is now pinned to =2.0.1, preventing the incompatible API changes in the 3.x line from breaking the byte-for-byte compatibility tests. OxiCode’s runtime never depended on bincode — this pin only governs the compatibility test harness — but locking it keeps “100% bincode-2.0 compatible” a reproducible claim.

  3. Pure Rust compression, bumped
    The OxiARC compression backends move up to 0.2.7, carrying through the latest pure-Rust LZ4 and Zstd improvements. No C zlib, no zstd FFI — compression stays 100% Rust under compression-lz4 / compression-zstd.

  4. Reliable file-I/O tests
    Temp-file uniqueness in the file_io_advanced13 tests now uses a process-ID suffix, eliminating collisions when suites run concurrently. Shared domain types were added for the nested_structs_advanced17 suite, and cargo fmt --all cleaned up formatting drift across benchmark and test files.

Getting Started

cargo add oxicode

Nothing about your code changes — the round-trip API is identical to the rest of 0.2:

use oxicode::{Encode, Decode};

#[derive(Encode, Decode, PartialEq, Debug)]
struct Record {
    id: u64,
    name: String,
}

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let record = Record { id: 42, name: "telemetry".into() };

    let bytes = oxicode::encode_to_vec(&record)?;
    let (decoded, _): (Record, _) = oxicode::decode_from_slice(&bytes)?;

    assert_eq!(record, decoded);
    Ok(())
}

What’s New in 0.2.2

Tips

This is the foundation

OxiCode is the serialization layer underneath the COOLJAPAN data stack — checkpoints for SciRS2 and NumRS2, tensor buffers for ToRSh, and archive-embedded payloads alongside OxiARC. A patch like 0.2.2 keeps that layer boring in the best way: auditable, reproducible, and entirely free of C and Fortran.

Repository: https://github.com/cool-japan/oxicode

Star the repo if you want a binary serializer whose supply chain is as clean as its hot path.

Pure Rust binary serialization is here — fast, compatible, and sovereign.

KitaSan at COOLJAPAN OÜ May 3, 2026

↑ Back to all posts