Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump ujson from 4.0.2 to 5.7.0 (#104)
Bumps [ujson](https://github.com/ultrajson/ultrajson) from 4.0.2 to 5.7.0.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ultrajson/ultrajson/releases">ujson's releases</a>.</em></p>
<blockquote>
<h2>5.7.0</h2>
<h2>Added</h2>
<ul>
  <li>Support ujson.loads(bytearray(...)) and other bytes-like objects. (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/573">#573</a>) <a href="https://github.com/bwoodsend"><code>@bwoodsend</code></a></li>
</ul>
<h2>5.6.0</h2>
<h2>Added</h2>
<ul>
  <li>Update vendored double-conversion to 3.2.1 (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/570">#570</a>) <a href="https://github.com/joemarshall"><code>@joemarshall</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
  <li>Fix len integer overflow issue (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/567">#567</a>) <a href="https://github.com/marioga"><code>@marioga</code></a></li>
</ul>
<h2>5.5.0</h2>
<h2>Added</h2>
<ul>
  <li>Add support for Python 3.11 and PyPy3.9 (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/564">#564</a>) <a href="https://github.com/hugovk"><code>@hugovk</code></a></li>
  <li>Add separators encoding parameter (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/557">#557</a>) <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
  <li>Fix encoding of infinity (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/80">#80</a>). (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/562">#562</a>) <a href="https://github.com/bwoodsend"><code>@bwoodsend</code></a></li>
</ul>
<h2>5.4.0</h2>
<h2>Added</h2>
<ul>
  <li>Add support for arbitrary size integers (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/548">#548</a>) <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
  <li>CVE-2022-31116:
    <ul>
      <li>Replace <code>wchar_t</code> string decoding implementation with a <code>uint32_t</code>-based one (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/555">#555</a>) <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
      <li>Fix handling of surrogates on decoding (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/550">#550</a>) <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
    </ul>
  </li>
  <li>CVE-2022-31117: Potential double free of buffer during string decoding <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
  <li>Fix memory leak on encoding errors when the buffer was resized (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/549">#549</a>) <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
  <li>Integer parsing: always detect overflows (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/544">#544</a>) <a href="https://github.com/NaN-git"><code>@NaN-git</code></a></li>
  <li>Fix handling of surrogates on encoding (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/530">#530</a>) <a href="https://github.com/JustAnotherArchivist"><code>@JustAnotherArchivist</code></a></li>
</ul>
<h2>5.3.0</h2>
<h2>Added</h2>
<ul>
  <li>Test Python 3.11 beta (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/539">#539</a>) <a href="https://github.com/hugovk"><code>@hugovk</code></a></li>
</ul>
<h2>Changed</h2>
<ul>
  <li>Benchmark refactor - argparse CLI (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/533">#533</a>) <a href="https://github.com/Erotemic"><code>@Erotemic</code></a></li>
</ul>
<h2>Fixed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/7ae42dc18d84da80865e61b19f9b74f75fb80137"><code>7ae42dc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/575">#575</a> from ultrajson/pre-commit-ci-update-config</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/6811883090083c8987a28ead04ff8561c710db51"><code>6811883</code></a> [pre-commit.ci] pre-commit autoupdate</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/1876c02e0fd765895670d04591422202950a4358"><code>1876c02</code></a> Limit loading from bytes-like to just bytes() and bytearray() on PyPy.</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/87dd1173aecccc87729426afb75c651cf2094bd1"><code>87dd117</code></a> Support ujson.loads(bytearray(...)) and other bytes-like objects.</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/18607247be7c8a2d884396888fda3e514c7db612"><code>1860724</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/571">#571</a> from ultrajson/all-repos_autofix_add-3.12-dev</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/abb49512bff1216afd83c6fd82d25170df21a82d"><code>abb4951</code></a> Test Python 3.12-dev</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/2907fdebe6183127847d8f3bc8b8b2659a72c879"><code>2907fde</code></a> Update vendored double-conversion to 3.2.1 (<a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/570">#570</a>)</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/13da58c86d9bbb833cdc9cd89a51a2b483fd3eeb"><code>13da58c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/569">#569</a> from ultrajson/3.11-dev-to-3.11</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/7d5e8fc1c6c7d4760763b05b32642cd889e299a4"><code>7d5e8fc</code></a> Replace 3.11-dev with 3.11</li>
  <li><a href="https://github.com/ultrajson/ultrajson/commit/87c74e3da170e282a68751cec5a0843d25033e51"><code>87c74e3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/568">#568</a> from ultrajson/all-repos_autofix_all-repos-sed</li>
  <li>Additional commits viewable in <a href="https://github.com/ultrajson/ultrajson/compare/4.0.2...5.7.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ujson&package-manager=pip&previous-version=4.0.2&new-version=5.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>