Skip to content

Bump orjson from 3.9.10 to 3.10.16 #521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 120 commits into
base: develop
Choose a base branch
from
Open

Bump orjson from 3.9.10 to 3.10.16 #521

wants to merge 120 commits into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 31, 2025
edited
Loading

Bumps orjson from 3.9.10 to 3.10.16.

Release notes

Sourced from orjson's releases.

3.10.16

Changed

  • Improve performance of serialization on amd64 machines with AVX-512.
  • ABI compatibility with CPython 3.14 alpha 6.
  • Drop support for Python 3.8.
  • Publish additional PyPI wheels for macOS that target only aarch64, macOS 15, and recent Python.

3.10.15

Changed

  • Publish PyPI manylinux aarch64 wheels built and tested on aarch64.
  • Publish PyPI musllinux aarch64 and arm7l wheels built and tested on aarch64.
  • Publish PyPI manylinux Python 3.13 wheels for i686, arm7l, ppc64le, and s390x.

3.10.14

Changed

  • Specify build system dependency on maturin>=1,<2 again.
  • Allocate memory using PyMem_Malloc() and similar APIs for integration with pymalloc, mimalloc, and tracemalloc.
  • Source distribution does not ship compressed test documents and relevant tests skip if fixtures are not present.
  • Build now depends on Rust 1.82 or later instead of 1.72.

3.10.13

Changed

  • Fix compatibility with maturin introducing a breaking change in 1.8.0 and specify a fixed version of maturin. Projects relying on any previous version being buildable from source by end users (via PEP 517) must upgrade to at least this version.

3.10.12

Changed

  • Publish PyPI manylinux i686 wheels.
  • Publish PyPI musllinux i686 and arm7l wheels.
  • Publish PyPI macOS wheels for Python 3.10 or later built on macOS 15.
  • Publish PyPI Windows wheels using trusted publishing.

3.10.11

Changed

  • Improve performance of UUIDs.
  • Publish PyPI wheels with trusted publishing and PEP 740 attestations.
  • Include text of licenses for vendored dependencies.

3.10.10

... (truncated)

Changelog

Sourced from orjson's changelog.

3.10.16

Changed

  • Improve performance of serialization on amd64 machines with AVX-512.
  • ABI compatibility with CPython 3.14 alpha 6.
  • Drop support for Python 3.8.
  • Publish additional PyPI wheels for macOS that target only aarch64, macOS 15, and recent Python.

3.10.15

Changed

  • Publish PyPI manylinux aarch64 wheels built and tested on aarch64.
  • Publish PyPI musllinux aarch64 and arm7l wheels built and tested on aarch64.
  • Publish PyPI manylinux Python 3.13 wheels for i686, arm7l, ppc64le, and s390x.

3.10.14

Changed

  • Specify build system dependency on maturin>=1,<2 again.
  • Allocate memory using PyMem_Malloc() and similar APIs for integration with pymalloc, mimalloc, and tracemalloc.
  • Source distribution does not ship compressed test documents and relevant tests skip if fixtures are not present.
  • Build now depends on Rust 1.82 or later instead of 1.72.

3.10.13

Changed

  • Fix compatibility with maturin introducing a breaking change in 1.8.0 and specify a fixed version of maturin. Projects relying on any previous version being buildable from source by end users (via PEP 517) must upgrade to at least this version.

3.10.12

Changed

  • Publish PyPI manylinux i686 wheels.
  • Publish PyPI musllinux i686 and arm7l wheels.
  • Publish PyPI macOS wheels for Python 3.10 or later built on macOS 15.
  • Publish PyPI Windows wheels using trusted publishing.

... (truncated)

Commits
  • 1d8b352 3.10.16
  • b0a91df Use function pointers for AVX-512 path
  • 56d6457 Fix various lints and set debug_asserts
  • 53d137e pydict_setitem!()
  • 5ae468a ABI compatibility with CPython 3.14 PyASCIIObject.state
  • 5b2481d build maintenance, check-pypi, drop support for 3.8
  • 268b660 3.10.15
  • 7f93738 manylinux aarch64 native, more 3.13 cross artifact jobs
  • 1534f8c 3.10.14
  • 3964617 Fix CI to use python3.13t interpreter
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

snyk-bot and others added 30 commits July 6, 2023 01:11
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
8582a89 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
2f3a5a2 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
ea04fa6 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-5798483
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
882b2f7 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
fff59c2 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
4dc89b6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
f132d62 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
1064ba7 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
bac6a1f 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
a286446 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5907722
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
8ce0c81 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5926694
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
54b2cd0 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
90da97f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
53e482b 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
5476cad 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@xsa-dev
Merge pull request #253 from xsa-dev/snyk-fix-c2f0658a39d91c39fc168f3…
4655363 
…b06a4ce13
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
3b04352 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
eb28aec 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
@xsa-dev
Merge branch 'freqtrade:develop' into develop
0b2a37a
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
64d1366 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
a7d94ba 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@xsa-dev
Merge branch 'freqtrade:develop' into develop
1c0e622
@xsa-dev
Merge branch 'freqtrade:develop' into develop
314bb66
@dependabot
Bump scikit-learn from 1.1.3 to 1.3.2
6cc70fd 
Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 1.1.3 to 1.3.2.
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.1.3...1.3.2)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
a643c46 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
@xsa-dev
Merge branch 'freqtrade:develop' into develop
92fe222
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
4cb5a2a 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
ef5baf7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@xsa-dev
Merge branch 'freqtrade:develop' into develop
840dad6
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
03515a2 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
xsa-dev and others added 25 commits January 26, 2024 11:08
@xsa-dev
Merge pull request #231 from xsa-dev/snyk-fix-76963d7a6d676347a75f1ee…
c0b37bb 
…4c84cc0a6

[Snyk] Security upgrade pydantic from 2.3.0 to 2.4.0
@xsa-dev
Merge branch 'develop' into snyk-fix-176ea099dbab023d47a53873ca849099
ccd4a28
@xsa-dev
Merge pull request #316 from xsa-dev/snyk-fix-176ea099dbab023d47a5387…
1828172 
…3ca849099

[Snyk] Security upgrade fonttools from 4.38.0 to 4.43.0
@xsa-dev
Merge branch 'develop' into snyk-fix-b1be591ed9395036d0e658e440812886
41ee0b2
@xsa-dev
Merge pull request #320 from xsa-dev/snyk-fix-b1be591ed9395036d0e658e…
b2fe24c 
…440812886

[Snyk] Fix for 11 vulnerabilities
@xsa-dev
Merge branch 'develop' into snyk-fix-211a5afe0a2ab0f97dd03bee2fbbe48d
ef5b4ca
@xsa-dev
Merge pull request #322 from xsa-dev/snyk-fix-211a5afe0a2ab0f97dd03be…
7de40d5 
…e2fbbe48d

[Snyk] Fix for 10 vulnerabilities
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
407790e 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
@xsa-dev
Merge branch 'develop' into snyk-fix-d182d64243359b51d2ac903e90b8cb39
199ebbf
@xsa-dev
Merge pull request #325 from xsa-dev/snyk-fix-d182d64243359b51d2ac903…
e458bf1 
…e90b8cb39

[Snyk] Fix for 5 vulnerabilities
@xsa-dev
Merge pull request #327 from xsa-dev/snyk-fix-65accae55f244e45935b2b3…
5dc8784 
…ada47db31

[Snyk] Fix for 4 vulnerabilities
@xsa-dev
Merge pull request #324 from xsa-dev/snyk-fix-36c26a8f16f10c0e4378b96…
d5bd167 
…a5d329382

[Snyk] Fix for 3 vulnerabilities
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
84e8bf1 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
@xsa-dev
Merge pull request #328 from xsa-dev/snyk-fix-6af27529f8e958427311a08…
b501426 
…1c8d5ab8b

[Snyk] Fix for 3 vulnerabilities
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
229098d 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
@xsa-dev
Merge pull request #330 from xsa-dev/snyk-fix-6046bb06b38c53315f31e58…
a63c03b 
…559fcba96

[Snyk] Security upgrade cryptography from 41.0.6 to 42.0.0
@dependabot
chore(deps): bump peter-evans/dockerhub-description from 3 to 4
efb2a90 
Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 3 to 4.
- [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
- [Commits](peter-evans/dockerhub-description@v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/dockerhub-description
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
495ac9a 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
@xsa-dev
Merge pull request #342 from xsa-dev/snyk-fix-c9fa9978d4c87bbe943ca32…
38a1ecd 
…c660c24b9

[Snyk] Security upgrade cryptography from 42.0.0 to 42.0.2
@xsa-dev
Merge pull request #341 from xsa-dev/dependabot/github_actions/develo…
a51643b 
…p/peter-evans/dockerhub-description-4

chore(deps): bump peter-evans/dockerhub-description from 3 to 4
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
f00a2cd 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
@xsa-dev
Merge pull request #345 from xsa-dev/snyk-fix-a1dcb96d68e5d859611eb3c…
6cea9ea 
…dceca636f

[Snyk] Security upgrade pillow from 9.5.0 to 10.2.0
@xsa-dev
remove mypy and discord
859cac0
@xsa-dev
Merge remote-tracking branch 'origin/TheWCKD-1s_timeframe_feature' in…
6239def 
…to develop

# Conflicts:
#	.github/workflows/docker_update_readme.yml
#	docker/Dockerfile.armhf
#	docs/requirements-docs.txt
#	requirements.txt
@dependabot
Bump orjson from 3.9.10 to 3.10.16
ad69745 
Bumps [orjson](https://github.com/ijl/orjson) from 3.9.10 to 3.10.16.
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.9.10...3.10.16)

---
updated-dependencies:
- dependency-name: orjson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 31, 2025
@dependabot dependabot bot mentioned this pull request Mar 31, 2025
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jul 21, 2025

A newer version of orjson exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@snyk-bot @xsa-dev