Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-orjson for openSUSE:Factory checked in at 2026-03-25 21:17:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-orjson (Old) and /work/SRC/openSUSE:Factory/.python-orjson.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-orjson" Wed Mar 25 21:17:21 2026 rev:15 rq:1342296 version:3.11.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python-orjson/python-orjson.changes 2026-01-27 16:07:12.137231356 +0100 +++ /work/SRC/openSUSE:Factory/.python-orjson.new.8177/python-orjson.changes 2026-03-27 06:48:31.995564880 +0100 @@ -1,0 +2,18 @@ +Sun Mar 15 20:20:34 UTC 2026 - Dirk Müller <[email protected]> + +- update to 3.11.7: + * Use a faster library to serialize `float`. Users with byte- + exact regression + * tests should note positive exponents are now written using a + `+`, e.g., `1.2e+30` instead of `1.2e30`. + * ABI compatibility with CPython 3.15 alpha 5 free-threading. + * orjson now includes code licensed under the Mozilla Public + License 2.0 (MPL-2.0). + * Drop support for Python 3.9. + * ABI compatibility with CPython 3.15 alpha 5. + * Build now depends on Rust 1.89 or later instead of 1.85. + * Fix sporadic crash serializing deeply nested `list` of + `dict`. +- drop CVE-2025-67221.patch (upstream) + +------------------------------------------------------------------- Old: ---- CVE-2025-67221.patch orjson-3.11.5-devendored.tar.xz orjson-3.11.5.tar.gz New: ---- orjson-3.11.7-devendored.tar.xz ----------(Old B)---------- Old: `dict`. - drop CVE-2025-67221.patch (upstream) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-orjson.spec ++++++ --- /var/tmp/diff_new_pack.Xnb4aC/_old 2026-03-27 06:48:34.239657291 +0100 +++ /var/tmp/diff_new_pack.Xnb4aC/_new 2026-03-27 06:48:34.251657785 +0100 @@ -18,19 +18,16 @@ %{?sle15_python_module_pythons} Name: python-orjson -Version: 3.11.5 +Version: 3.11.7 Release: 0 Summary: Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy -License: Apache-2.0 OR MIT +License: (Apache-2.0 OR MIT) AND MPL-2.0 URL: https://github.com/ijl/orjson # Update: Change version and run `osc rm orjson-*.tar.gz && osc service runall download_files && sh ./devendor-sdist.sh && osc service runall cargo_vendor` Source0: orjson-%{version}-devendored.tar.xz Source1: vendor.tar.xz -Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz Source3: devendor-sdist.sh Source4: PACKAGING_README.md -# PATCH-FIX-OPENSUSE CVE-2025-67221.patch gh#ijl/orjson#637 -Patch0: CVE-2025-67221.patch BuildRequires: %{python_module base >= 3.9} BuildRequires: %{python_module maturin >= 1.9.2} BuildRequires: %{python_module pip} ++++++ orjson-3.11.5-devendored.tar.xz -> orjson-3.11.7-devendored.tar.xz ++++++ ++++ 6735 lines of diff (skipped) ++++++ vendor.tar.xz ++++++ ++++ 1025368 lines of diff (skipped)
