Skip to content

chore(deps): update dependency orjson to v3.11.6#21

Open
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/orjson-3.x
Open

chore(deps): update dependency orjson to v3.11.6#21
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/orjson-3.x

Conversation

@mend-for-github-com
Copy link
Copy Markdown

@mend-for-github-com mend-for-github-com bot commented Feb 11, 2026

This PR contains the following updates:

Package Update Change
orjson (changelog) minor ==3.10.14==3.11.6

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability Reachability
High High 7.5 CVE-2025-67221

Release Notes

ijl/orjson (orjson)

v3.11.6

Compare Source

Changed
  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.
Fixed
  • Fix sporadic crash serializing deeply nested list of dict.

v3.11.5

Compare Source

Changed
  • Show simple error message instead of traceback when attempting to
    build on unsupported Python versions.

v3.11.4

Compare Source

Changed
  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,
    manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

v3.11.3

Compare Source

Fixed
  • Fix PyPI project metadata when using maturin 1.9.2 or later.

v3.11.2

Compare Source

Fixed
  • Fix build using Rust 1.89 on amd64.
Changed
  • Build now depends on Rust 1.85 or later instead of 1.82.

v3.11.1

Compare Source

Changed
  • Publish PyPI wheels for CPython 3.14.
Fixed
  • Fix str on big-endian architectures. This was introduced in 3.11.0.

v3.11.0

Compare Source

Changed
  • Use a deserialization buffer allocated per request instead of a shared
    buffer allocated on import.
  • ABI compatibility with CPython 3.14 beta 4.

v3.10.18

Compare Source

Fixed
  • Fix incorrect escaping of the vertical tabulation character. This was
    introduced in 3.10.17.

v3.10.17

Compare Source

Changed
  • Publish PyPI Windows aarch64/arm64 wheels.
  • ABI compatibility with CPython 3.14 alpha 7.
  • Fix incompatibility running on Python 3.13 using WASM.

v3.10.16

Compare Source

Changed
  • Improve performance of serialization on amd64 machines with AVX-512.
  • ABI compatibility with CPython 3.14 alpha 6.
  • Drop support for Python 3.8.
  • Publish additional PyPI wheels for macOS that target only aarch64, macOS 15,
    and recent Python.

v3.10.15

Compare Source

Changed
  • Publish PyPI manylinux aarch64 wheels built and tested on aarch64.
  • Publish PyPI musllinux aarch64 and arm7l wheels built and tested on aarch64.
  • Publish PyPI manylinux Python 3.13 wheels for i686, arm7l, ppc64le, and s390x.
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Feb 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants