Skip to content

pip: bump orjson to 3.11.5#1031

Merged
saratpoluri merged 10 commits intomainfrom
dmytroye/CVE-2025-67221-fix
Feb 19, 2026
Merged

pip: bump orjson to 3.11.5#1031
saratpoluri merged 10 commits intomainfrom
dmytroye/CVE-2025-67221-fix

Conversation

@dmytroye
Copy link
Copy Markdown
Member

@dmytroye dmytroye commented Feb 18, 2026
edited
Loading

📝 Description

Fix for CVE-2025-67221

This PR updates the orjson dependency from version 3.11.3 to 3.11.5 in the controller service. The orjson library is used for high-performance JSON serialization/deserialization with numpy array support in the Scene Controller's MQTT message handling and data publishing workflows.

Changes:

  • Bumped orjson dependency version from 3.11.3 to 3.11.5 in controller's runtime requirements

✨ Type of Change

Select the type of change your PR introduces:

  • 🐞 Bug fix – Non-breaking change which fixes an issue
  • 🚀 New feature – Non-breaking change which adds functionality
  • 🔨 Refactor – Non-breaking change which refactors the code base
  • 💥 Breaking change – Changes that break existing functionality
  • 📚 Documentation update
  • 🔒 Security update
  • 🧪 Tests
  • 🚂 CI

🧪 Testing Scenarios

Describe how the changes were tested and how reviewers can test them too:

  • ✅ Tested manually
  • 🤖 Ran automated end-to-end tests

✅ Checklist

Before submitting the PR, ensure the following:

  • 🔍 PR title is clear and descriptive
  • 📝 For internal contributors: If applicable, include the JIRA ticket number (e.g., ITEP-123456) in the PR title. Do not include full URLs
  • 💬 I have commented my code, especially in hard-to-understand areas
  • 📄 I have made corresponding changes to the documentation
  • ✅ I have added tests that prove my fix is effective or my feature works

@dmytroye dmytroye requested a review from Copilot February 18, 2026 10:02
Copilot AI reviewed Feb 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment
edited by dmytroye
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the orjson dependency from version 3.11.3 to 3.11.5 in the controller service. The orjson library is used for high-performance JSON serialization/deserialization with numpy array support in the Scene Controller's MQTT message handling and data publishing workflows.

Changes:

  • Bumped orjson dependency version from 3.11.3 to 3.11.5 in controller's runtime requirements

@dmytroye
Update controller/requirements-runtime.txt
da6eb17 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@dmytroye dmytroye changed the title pip: bump orjson to 3.11.7 pip: bump orjson to 3.11.5 Feb 18, 2026
@dmytroye dmytroye marked this pull request as ready for review February 18, 2026 10:08
@saratpoluri saratpoluri enabled auto-merge (squash) February 19, 2026 07:29
@saratpoluri saratpoluri merged commit 183a66e into main Feb 19, 2026
31 of 33 checks passed
@saratpoluri saratpoluri deleted the dmytroye/CVE-2025-67221-fix branch February 19, 2026 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@saratpoluri saratpoluri saratpoluri approved these changes

@Irakus Irakus Irakus approved these changes

@ltalarcz ltalarcz Awaiting requested review from ltalarcz

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dmytroye @saratpoluri @Irakus @scenescapecicd