Skip to content

chore(deps): bump orjson from 3.10.10 to 3.11.6#110973

Merged
michelletran-sentry merged 2 commits into
masterfrom
dependabot/uv/orjson-3.11.6
Mar 30, 2026
Merged

chore(deps): bump orjson from 3.10.10 to 3.11.6#110973
michelletran-sentry merged 2 commits into
masterfrom
dependabot/uv/orjson-3.11.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 18, 2026
edited
Loading

Bumps orjson from 3.10.10 to 3.11.6.

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

3.11.3

Fixed

  • Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2

Fixed

  • Fix build using Rust 1.89 on amd64.

Changed

  • Build now depends on Rust 1.85 or later instead of 1.82.

3.11.1

Changed

  • Publish PyPI wheels for CPython 3.14.

Fixed

  • Fix str on big-endian architectures.

3.11.0

... (truncated)

Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4 - 2025-10-24

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

3.11.3 - 2025-08-26

Fixed

  • Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2 - 2025-08-12

Fixed

  • Fix build using Rust 1.89 on amd64.

Changed

  • Build now depends on Rust 1.85 or later instead of 1.82.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 18, 2026
@github-actions github-actions Bot added the Scope: Backend Automatically applied to PRs that change backend components label Mar 18, 2026
cursor[bot]
cursor Bot reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Comment thread uv.lock
{ url = "https://pypi.devinfra.sentry.io/wheels/orjson-3.11.6-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cded072b9f65fcfd188aead45efa5bd528ba552add619b3ad2a81f67400ec450" },
{ url = "https://pypi.devinfra.sentry.io/wheels/orjson-3.11.6-cp314-cp314-macosx_15_0_arm64.whl", hash = "sha256:132b0ab2e20c73afa85cf142e547511feb3d2f5b7943468984658f3952b467d4" },
{ url = "https://pypi.devinfra.sentry.io/wheels/orjson-3.11.6-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b376fb05f20a96ec117d47987dd3b39265c635725bda40661b4c5b73b77b5fde" },
{ url = "https://pypi.devinfra.sentry.io/wheels/orjson-3.11.6-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6dddf9ba706294906c56ef5150a958317b09aa3a8a48df1c52ccf22ec1907eac" },
Copy link
Copy Markdown
Contributor

@cursor cursor Bot Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing macOS x86_64 wheel and macOS 15 minimum requirement

Medium Severity

The new orjson 3.11.6 entry in the lock file only includes a macosx_15_0_arm64 wheel for macOS, whereas 3.10.10 had a macosx_10_15_universal2 wheel covering both Intel (x86_64) and Apple Silicon. The private registry is missing the x86_64 macOS wheel (which exists on public PyPI for 3.11.6). Developers on Intel Macs will have no pre-built wheel, and Apple Silicon developers running macOS 14 (Sonoma) or earlier will also be unable to use the arm64 wheel due to the macosx_15_0 minimum requirement — a jump from the previous macosx_10_15/macosx_11_0 minimum.

Fix in Cursor Fix in Web

@dependabot
chore(deps): bump orjson from 3.10.10 to 3.11.6
c5101a5 
Bumps [orjson](https://github.com/ijl/orjson) from 3.10.10 to 3.11.6.
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.10...3.11.6)

---
updated-dependencies:
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/orjson-3.11.6 branch from 2339723 to c5101a5 Compare March 20, 2026 20:19
@michelletran-sentry michelletran-sentry added Trigger: getsentry tests Once code is reviewed: apply label to PR to trigger getsentry tests labels Mar 30, 2026
@michelletran-sentry michelletran-sentry enabled auto-merge (squash) March 30, 2026 15:24
@michelletran-sentry michelletran-sentry merged commit 6189ecf into master Mar 30, 2026
87 of 123 checks passed
@michelletran-sentry michelletran-sentry deleted the dependabot/uv/orjson-3.11.6 branch March 30, 2026 15:27
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 15, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@michelletran-sentry michelletran-sentry michelletran-sentry approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code Scope: Backend Automatically applied to PRs that change backend components Trigger: getsentry tests Once code is reviewed: apply label to PR to trigger getsentry tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@michelletran-sentry