dependabot[bot] opened a new pull request, #41082: URL: https://github.com/apache/superset/pull/41082
Bumps [simplejson](https://github.com/simplejson/simplejson) from 3.20.1 to 4.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/simplejson/simplejson/releases">simplejson's releases</a>.</em></p> <blockquote> <h2>v4.1.1</h2> <h2>What's Changed</h2> <ul> <li>Add Python 2.7 wheel builds for Windows platforms by <a href="https://github.com/etrepum"><code>@etrepum</code></a> in <a href="https://redirect.github.com/simplejson/simplejson/pull/378">simplejson/simplejson#378</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/simplejson/simplejson/compare/v4.1.0...v4.1.1">https://github.com/simplejson/simplejson/compare/v4.1.0...v4.1.1</a></p> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Accelerate indented encoding in the C extension; release 4.1.0 by <a href="https://github.com/etrepum"><code>@etrepum</code></a> in <a href="https://redirect.github.com/simplejson/simplejson/pull/376">simplejson/simplejson#376</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/simplejson/simplejson/compare/v4.0.1...v4.1.0">https://github.com/simplejson/simplejson/compare/v4.0.1...v4.1.0</a></p> <h2>v4.0.1</h2> <h2>What's Changed</h2> <ul> <li>Exclude Pyodide wheels from PyPI uploads by <a href="https://github.com/etrepum"><code>@etrepum</code></a> in <a href="https://redirect.github.com/simplejson/simplejson/pull/375">simplejson/simplejson#375</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/simplejson/simplejson/compare/v4.0.0...v4.0.1">https://github.com/simplejson/simplejson/compare/v4.0.0...v4.0.1</a></p> <h2>v4.0.0</h2> <h2>What's Changed</h2> <p>Version 4.0.0 released 2026-04-18</p> <ul> <li> <p>simplejson 4 requires Python 2.7 or Python 3.8+. Older Python versions (2.5, 2.6, 3.0-3.7) are no longer supported. 
pip will not install simplejson 4 on unsupported versions.</p> </li> <li> <p>The C extension now uses heap types and per-module state instead of static types and global state. This is required for free-threading support and sub-interpreter isolation. The Python-level API is unchanged.</p> </li> <li> <p>Full support for Python 3.13+ free-threading (PEP 703). The C extension is now safe to use with the GIL disabled (python3.14t):</p> <ul> <li>Converted all static types to heap types with per-module state</li> <li>Added per-object critical sections to scanner and encoder</li> <li>Added free-threading-safe dict operations for Python 3.13+</li> <li>Unified per-module state management and templated parser <a href="https://redirect.github.com/simplejson/simplejson/pull/363">simplejson/simplejson#363</a> <a href="https://redirect.github.com/simplejson/simplejson/pull/364">simplejson/simplejson#364</a> <a href="https://redirect.github.com/simplejson/simplejson/pull/365">simplejson/simplejson#365</a> <a href="https://redirect.github.com/simplejson/simplejson/pull/367">simplejson/simplejson#367</a> <a href="https://redirect.github.com/simplejson/simplejson/pull/369">simplejson/simplejson#369</a></li> </ul> </li> <li> <p>Numerous C extension memory safety fixes:</p> <ul> <li>Fix use-after-free and leak in encoder ident handling</li> <li>Fix NULL dereferences on OOM in module init and static string init</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/simplejson/simplejson/blob/main/CHANGES.txt">simplejson's changelog</a>.</em></p> <blockquote> <p>Version 4.1.1 released 2026-04-24</p> <ul> <li>The <code>build_wheels_py27</code> CI job now also builds Python 2.7 wheels for Windows AMD64 and Windows x86, joining the existing Py2.7 manylinux1 / manylinux2010 x86_64 wheels. 
This unblocks offline / <code>--no-index</code> installs on Py2.7-on-Windows (the original reporter's case), which previously had no matching binary wheel on PyPI, fell through to the sdist, and failed on the PEP 517 isolated-build step complaining that <code>setuptools>=42</code> was not in the wheelhouse. <a href="https://redirect.github.com/simplejson/simplejson/issues/377">simplejson/simplejson#377</a></li> </ul> <p>Version 4.1.0 released 2026-04-22</p> <ul> <li> <p>The C extension now accelerates encoding when <code>indent=</code> is set. Previously the encoder fell back to the pure-Python implementation whenever a non-None <code>indent</code> was passed; now the C encoder emits the newline-plus-indent prefix, the level-aware item separator, and the closing indent directly. A representative nested-dict workload benchmarks about 4-5x faster end-to-end, and the <code>indent=0</code> and empty-container edge cases continue to match the Python output byte-for-byte.</p> </li> <li> <p>The C extension now emits PEP 678 <code>exc.add_note()</code> annotations on serialization failures, matching the pure-Python encoder. A chained error on <code>{'a': [1, object(), 3]}</code> produces the same three notes (<code>when serializing object object</code>, <code>when serializing list item 1</code>, <code>when serializing dict item 'a'</code>) whether the speedups are loaded or not, so the add_note assertions in <code>test_errors.py</code> no longer need <code>indent=2</code> to force the Python path.</p> </li> </ul> <p>Version 4.0.1 released 2026-04-18</p> <ul> <li>Skip uploading Pyodide/wasm wheels to PyPI, which rejects them with "unsupported platform tag 'pyodide_2024_0_wasm32'". The wheels are still built in CI and preserved as workflow artifacts. <a href="https://redirect.github.com/simplejson/simplejson/pull/375">simplejson/simplejson#375</a></li> </ul> <p>Version 4.0.0 released 2026-04-18</p> <ul> <li> <p>simplejson 4 requires Python 2.7 or Python 3.8+. 
Older Python versions (2.5, 2.6, 3.0-3.7) are no longer supported. pip will not install simplejson 4 on unsupported versions.</p> </li> <li> <p>The C extension now uses heap types and per-module state instead of static types and global state. This is required for free-threading support and sub-interpreter isolation. The Python-level API is unchanged.</p> </li> <li> <p>Full support for Python 3.13+ free-threading (PEP 703). The C</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/simplejson/simplejson/commit/639b2ee73b2de6b385fcd4d44e0e08054a4d8a0e"><code>639b2ee</code></a> Add Python 2.7 wheel builds for Windows platforms (<a href="https://redirect.github.com/simplejson/simplejson/issues/378">#378</a>)</li> <li><a href="https://github.com/simplejson/simplejson/commit/0fd3185ce301bdefe61bbbf510536fa9127962fb"><code>0fd3185</code></a> Accelerate indented encoding in the C extension; release 4.1.0 (<a href="https://redirect.github.com/simplejson/simplejson/issues/376">#376</a>)</li> <li><a href="https://github.com/simplejson/simplejson/commit/19b5f94f235d3ac11646b82c02f292845b2aa184"><code>19b5f94</code></a> Exclude Pyodide wheels from PyPI uploads (<a href="https://redirect.github.com/simplejson/simplejson/issues/375">#375</a>)</li> <li><a href="https://github.com/simplejson/simplejson/commit/1608c050bbc2ae67ddfe913dad83bed7d588aa27"><code>1608c05</code></a> Use JSONDecodeError for out-of-range end indices in C scanstring (<a href="https://redirect.github.com/simplejson/simplejson/issues/374">#374</a>)</li> <li><a href="https://github.com/simplejson/simplejson/commit/3bba17935f12695355b5280df2a93bf963b704dd"><code>3bba179</code></a> Encoder parity fixes (for_json/_asdict) and TSan stress CI job (<a href="https://redirect.github.com/simplejson/simplejson/issues/373">#373</a>)</li> <li><a 
href="https://github.com/simplejson/simplejson/commit/7b22d65b92ac7e69f740f59fe11548216b79c098"><code>7b22d65</code></a> Error parity for the C and Python scanstring in surrogate and truncated strin...</li> <li><a href="https://github.com/simplejson/simplejson/commit/825100a7fc498dafae31d10bef3e3cfaba1fdc5b"><code>825100a</code></a> Release version 4.0.0: free-threading, CPython json parity, Python 2.7 fixes ...</li> <li><a href="https://github.com/simplejson/simplejson/commit/0dbb9d875127a9009f01a4036fa950b0a5f4f589"><code>0dbb9d8</code></a> C extension: dead code cleanup, fast paths for dict/list/string encoding, cor...</li> <li><a href="https://github.com/simplejson/simplejson/commit/e2e5f0b2d3bae3fd9a56bbaab42f6d75fb980ad5"><code>e2e5f0b</code></a> Add Python 3.13+ free-threading support to dict operations (<a href="https://redirect.github.com/simplejson/simplejson/issues/369">#369</a>)</li> <li><a href="https://github.com/simplejson/simplejson/commit/e817370a91f4f51a0aec5f0f7bdeb1ca601ed101"><code>e817370</code></a> Fix free-threading (3.14t) crashes: heap types, unified per-module state, tem...</li> <li>Additional commits viewable in <a href="https://github.com/simplejson/simplejson/compare/v3.20.1...v4.1.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
