Upgrade Core to aa314809fdb59ed6fcb1b10b3087f32eebf708c5

[jviotti]

Signed-off-by: Juan Cruz Viotti jv@jviotti.com

[cubic-dev-ai]

No issues found across 334 files

_{Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed. cubic prioritizes the most important files to review.
On a pro plan you can use ultrareview for larger PRs.}

[augmentcode]

🤖 Augment PR Summary

Summary: Updates vendored dependencies (Core and Blaze) to newer revisions, and adapts JSONBinPack’s runtime I/O helpers to the updated Core APIs.

Changes:

• Bumped core and blaze pins in DEPENDENCIES (and updated vendored trees accordingly).
• Runtime InputStream/OutputStream now build on Core’s BinaryReader/BinaryWriter abstractions.
• Replaced the standalone varint.h helper with inline varint encode/decode logic in the stream implementation files.
• Updated date-triplet encoding to use word writes (put_word) rather than raw byte writes.
• Adjusted runtime CMake linkage to include the Core I/O component (sourcemeta::core::io).
• Vendor Blaze picks up additional optional components (e.g., codegen/documentation) and related test/doc assets.

Technical Notes: The runtime stream changes centralize endian handling in Core’s I/O layer and reduce local I/O code duplication, but also introduce a new explicit dependency on Core’s I/O target for consumers.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

InputStream::get_varint() lets cursor grow without a hard cap, so value << (SHIFT * cursor) becomes undefined once the shift reaches/exceeds 64 bits (and a malformed varint can also force a long decode loop). Consider enforcing a maximum byte count for 64-bit varints before shifting.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

Runtime now links against sourcemeta::core::io, but config.cmake.in still calls find_dependency(Core COMPONENTS ...) without io, which can break consumers using find_package(JSONBinPack). Consider adding the Core io component there to match the runtime target’s transitive requirements.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}