From 844a5ad97701a6848b22315fbb772bb1169d372f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Apr 2023 13:47:22 +0200
Subject: [PATCH] Bump ujson from 4.0.2 to 5.7.0 (#104)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [ujson](https://github.com/ultrajson/ultrajson) from 4.0.2 to
5.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ultrajson/ultrajson/releases">ujson's
releases</a>.</em></p>
<blockquote>
<h2>5.7.0</h2>
<h2>Added</h2>
<ul>
<li>Support ujson.loads(bytearray(...)) and other bytes-like objects.
(<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/573">#573</a>)
<a href="https://github.com/bwoodsend"><code>@​bwoodsend</code></a></li>
</ul>
<h2>5.6.0</h2>
<h2>Added</h2>
<ul>
<li>Update vendored double-conversion to 3.2.1 (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/570">#570</a>)
<a
href="https://github.com/joemarshall"><code>@​joemarshall</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fix len integer overflow issue (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/567">#567</a>)
<a href="https://github.com/marioga"><code>@​marioga</code></a></li>
</ul>
<h2>5.5.0</h2>
<h2>Added</h2>
<ul>
<li>Add support for Python 3.11 and PyPy3.9 (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/564">#564</a>)
<a href="https://github.com/hugovk"><code>@​hugovk</code></a></li>
<li>Add separators encoding parameter (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/557">#557</a>)
<a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fix encoding of infinity (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/80">#80</a>).
(<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/562">#562</a>)
<a href="https://github.com/bwoodsend"><code>@​bwoodsend</code></a></li>
</ul>
<h2>5.4.0</h2>
<h2>Added</h2>
<ul>
<li>Add support for arbitrary size integers (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/548">#548</a>)
<a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>CVE-2022-31116:
<ul>
<li>Replace <code>wchar_t</code> string decoding implementation with a
<code>uint32_t</code>-based one (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/555">#555</a>)
<a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
<li>Fix handling of surrogates on decoding (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/550">#550</a>)
<a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
</ul>
</li>
<li>CVE-2022-31117: Potential double free of buffer during string
decoding <a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
<li>Fix memory leak on encoding errors when the buffer was resized (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/549">#549</a>)
<a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
<li>Integer parsing: always detect overflows (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/544">#544</a>)
<a href="https://github.com/NaN-git"><code>@​NaN-git</code></a></li>
<li>Fix handling of surrogates on encoding (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/530">#530</a>)
<a
href="https://github.com/JustAnotherArchivist"><code>@​JustAnotherArchivist</code></a></li>
</ul>
<h2>5.3.0</h2>
<h2>Added</h2>
<ul>
<li>Test Python 3.11 beta (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/539">#539</a>)
<a href="https://github.com/hugovk"><code>@​hugovk</code></a></li>
</ul>
<h2>Changed</h2>
<ul>
<li>Benchmark refactor - argparse CLI (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/533">#533</a>)
<a href="https://github.com/Erotemic"><code>@​Erotemic</code></a></li>
</ul>
<h2>Fixed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/7ae42dc18d84da80865e61b19f9b74f75fb80137"><code>7ae42dc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/575">#575</a>
from ultrajson/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/6811883090083c8987a28ead04ff8561c710db51"><code>6811883</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/1876c02e0fd765895670d04591422202950a4358"><code>1876c02</code></a>
Limit loading from bytes-like to just bytes() and bytearray() on
PyPy.</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/87dd1173aecccc87729426afb75c651cf2094bd1"><code>87dd117</code></a>
Support ujson.loads(bytearray(...)) and other bytes-like objects.</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/18607247be7c8a2d884396888fda3e514c7db612"><code>1860724</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/571">#571</a>
from ultrajson/all-repos_autofix_add-3.12-dev</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/abb49512bff1216afd83c6fd82d25170df21a82d"><code>abb4951</code></a>
Test Python 3.12-dev</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/2907fdebe6183127847d8f3bc8b8b2659a72c879"><code>2907fde</code></a>
Update vendored double-conversion to 3.2.1 (<a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/570">#570</a>)</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/13da58c86d9bbb833cdc9cd89a51a2b483fd3eeb"><code>13da58c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/569">#569</a>
from ultrajson/3.11-dev-to-3.11</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/7d5e8fc1c6c7d4760763b05b32642cd889e299a4"><code>7d5e8fc</code></a>
Replace 3.11-dev with 3.11</li>
<li><a
href="https://github.com/ultrajson/ultrajson/commit/87c74e3da170e282a68751cec5a0843d25033e51"><code>87c74e3</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/ultrajson/ultrajson/issues/568">#568</a>
from ultrajson/all-repos_autofix_all-repos-sed</li>
<li>Additional commits viewable in <a
href="https://github.com/ultrajson/ultrajson/compare/4.0.2...5.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ujson&package-manager=pip&previous-version=4.0.2&new-version=5.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 0d205da..97dbc7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
 aiohttp==3.8.4; sys_platform == 'win32'
 aiohttp[speedups]==3.7.4; sys_platform != 'win32'
-ujson==4.0.2
+ujson==5.7.0