serde-rs
PrettyFormatter::with_indent allows generating non-utf8 output
Because PrettyFormatter::with_indent takes a &[u8] as indent a user can generate a non-utf8 serialized output by providing a non-utf8 indent.
This doesn't currently provide any unsoundness as currently you can only serialize using a custom PrettyFormatter to an io::Write which doesn't give any guarantees that the output is valid json. But it still makes it easy to accidentally break the "We do not emit invalid UTF-8" guaranties, or create issues downstream for any user not realizing that that guarantee doesn't always hold when serializing directly to an io::Write.
So while there is probably no need for direct action here, changing the ident to a &str whenever a new major version is released removes any possible problems here.
