[Tech] Bump simplejson from 3.20.2 to 4.1.1 in /pipeline #2906

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/pip/pipeline/simplejson-4.1.1

dependabot[bot] commented on behalf of github May 1, 2026

Bumps simplejson from 3.20.2 to 4.1.1.

Release notes

Sourced from simplejson's releases.

v4.1.1

What's Changed

Full Changelog: simplejson/simplejson@v4.1.0...v4.1.1

v4.1.0

What's Changed

Full Changelog: simplejson/simplejson@v4.0.1...v4.1.0

v4.0.1

What's Changed

Full Changelog: simplejson/simplejson@v4.0.0...v4.0.1

v4.0.0

What's Changed

Version 4.0.0 released 2026-04-18

  • simplejson 4 requires Python 2.7 or Python 3.8+. Older Python versions (2.5, 2.6, 3.0-3.7) are no longer supported. pip will not install simplejson 4 on unsupported versions.

  • The C extension now uses heap types and per-module state instead of static types and global state. This is required for free-threading support and sub-interpreter isolation. The Python-level API is unchanged.

  • Full support for Python 3.13+ free-threading (PEP 703). The C extension is now safe to use with the GIL disabled (python3.14t):

  • Numerous C extension memory safety fixes:

    • Fix use-after-free and leak in encoder ident handling
    • Fix NULL dereferences on OOM in module init and static string init

... (truncated)

Changelog

Sourced from simplejson's changelog.

Version 4.1.1 released 2026-04-24

  • The build_wheels_py27 CI job now also builds Python 2.7 wheels for Windows AMD64 and Windows x86, joining the existing Py2.7 manylinux1 / manylinux2010 x86_64 wheels. This unblocks offline / --no-index installs on Py2.7-on-Windows (the original reporter's case), which previously had no matching binary wheel on PyPI, fell through to the sdist, and failed on the PEP 517 isolated-build step complaining that setuptools>=42 was not in the wheelhouse. simplejson/simplejson#377

Version 4.1.0 released 2026-04-22

  • The C extension now accelerates encoding when indent= is set. Previously the encoder fell back to the pure-Python implementation whenever a non-None indent was passed; now the C encoder emits the newline-plus-indent prefix, the level-aware item separator, and the closing indent directly. A representative nested-dict workload benchmarks about 4-5x faster end-to-end, and the indent=0 and empty-container edge cases continue to match the Python output byte-for-byte.

  • The C extension now emits PEP 678 exc.add_note() annotations on serialization failures, matching the pure-Python encoder. A chained error on {'a': [1, object(), 3]} produces the same three notes (when serializing object object, when serializing list item 1, when serializing dict item 'a') whether the speedups are loaded or not, so the add_note assertions in test_errors.py no longer need indent=2 to force the Python path.

Version 4.0.1 released 2026-04-18

  • Skip uploading Pyodide/wasm wheels to PyPI, which rejects them with "unsupported platform tag 'pyodide_2024_0_wasm32'". The wheels are still built in CI and preserved as workflow artifacts. simplejson/simplejson#375

Version 4.0.0 released 2026-04-18

  • simplejson 4 requires Python 2.7 or Python 3.8+. Older Python versions (2.5, 2.6, 3.0-3.7) are no longer supported. pip will not install simplejson 4 on unsupported versions.

  • The C extension now uses heap types and per-module state instead of static types and global state. This is required for free-threading support and sub-interpreter isolation. The Python-level API is unchanged.

  • Full support for Python 3.13+ free-threading (PEP 703). The C

... (truncated)

Commits
  • 639b2ee Add Python 2.7 wheel builds for Windows platforms (#378)
  • 0fd3185 Accelerate indented encoding in the C extension; release 4.1.0 (#376)
  • 19b5f94 Exclude Pyodide wheels from PyPI uploads (#375)
  • 1608c05 Use JSONDecodeError for out-of-range end indices in C scanstring (#374)
  • 3bba179 Encoder parity fixes (for_json/_asdict) and TSan stress CI job (#373)
  • 7b22d65 Error parity for the C and Python scanstring in surrogate and truncated strin...
  • 825100a Release version 4.0.0: free-threading, CPython json parity, Python 2.7 fixes ...
  • 0dbb9d8 C extension: dead code cleanup, fast paths for dict/list/string encoding, cor...
  • e2e5f0b Add Python 3.13+ free-threading support to dict operations (#369)
  • e817370 Fix free-threading (3.14t) crashes: heap types, unified per-module state, tem...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [simplejson](https://github.com/simplejson/simplejson) from 3.20.2 to 4.1.1.
- [Release notes](https://github.com/simplejson/simplejson/releases)
- [Changelog](https://github.com/simplejson/simplejson/blob/main/CHANGES.txt)
- [Commits](simplejson/simplejson@v3.20.2...v4.1.1)

---
updated-dependencies:
- dependency-name: simplejson
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@tristanrobert
Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

sonarqubecloud Bot commented May 1, 2026
